ISS X-Force Database: libpng-pngsetstripalpha-bo(24396): libpng png_set_strip

libpng png_set_strip_alpha() buffer overflow

libpng-pngsetstripalpha-bo (24396)

Low Risk

Description:

libpng is vulnerable to a heap-based buffer overflow, caused by improper bounds checking by the png_set_strip_alpha() function. By sending a PNG image containing alpha channels, a remote attacker could overflow a buffer and cause the application to crash.

Platforms Affected:

Gentoo, Linux
libpng, libpng 1.0.16
libpng, libpng 1.0.17
libpng, libpng 1.2.6
libpng, libpng 1.2.7
RedHat, Enterprise Linux 4 ES
RedHat, Enterprise Linux 4 WS
RedHat, Enterprise Linux 4 Desktop
RedHat, Enterprise Linux 4 AS

Remedy:

Upgrade to the latest version of libpng (1.0.18, 1.2.8 or later), available from the libpng Web site. See References.

For Red Hat Linux:
Refer to RHSA-2006:0205-4 for patch, upgrade, or suggested workaround information. See References.

Consequences:

Denial of Service

References:

libpng Web site, libpng Home Page at http://www.libpng.org/pub/png/libpng.html.
Red Hat Bugzilla Bug 179455, CVE-2006-0481 libpng heap based buffer overflow at https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=179455.
BID-16626: Libpng Graphics Library PNG_Set_Strip_Alpha Buffer Overflow Vulnerability
CVE-2006-0481: Heap-based buffer overflow in the alpha strip capability in libpng 1.2.7 allows context-dependent attackers to cause a denial of service (crash) when the png_do_strip_filler function is used to strip alpha channels out of the image.
GLSA-200812-15: POV-Ray: User-assisted execution of arbitrary code
RHSA-2006-0205: libpng security update
SA18654: libpng "png_set_strip_alpha()" Buffer Overflow Vulnerability
SECTRACK ID: 1015615: libpng Buffer Overflow in png_set_strip_alpha() Lets Users Deny Service
SECTRACK ID: 1015617: (Red Hat Issues Fix) libpng Buffer Overflow in png_set_strip_alpha() Lets Users Deny Service
VUPEN/ADV-2006-0393: Libpng png_do_strip_filler Initialization Buffer Overflow Vulnerability

Reported:

Feb 01, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page