libpng png_decompress_chunk() buffer overflow

libpng-pngdecompresschunk-bo (27468)

High Risk

Description:

The libpng Portable Network Graphics (PNG) library is vulnerable to a buffer overflow, caused by improper bounds checking by the png_decompress_chunk() function in the pngrutil.c routine. By sending a specially-crafted PNG image containing malformed compressed data, a remote attacker could overflow a buffer and possibly execute arbitrary code on the system or cause the application linked to libpng to crash.

Platforms Affected:

• Apple, Mac OS X 10.5.2
• Apple, Mac OS X Server 10.5.2
• Gentoo, Linux
• libpng, libpng prior to 1.0.20
• libpng, libpng prior to 1.2.12
• Mandriva, Corporate Server 3.0 X86_64
• Mandriva, Corporate Server 3.0
• Mandriva, Corporate Server 4.0
• Mandriva, Corporate Server 4.0 X86_64
• Mandriva, Linux 2006
• Mandriva, Linux 2006 X86_64
• Mandriva, Linux 2007
• Mandriva, Linux 2007 X86_64
• Mandriva, Multi Network Firewall 2.0
• OpenPKG, OpenPKG 2-STABLE
• OpenPKG, OpenPKG 2.5
• OpenPKG, OpenPKG CURRENT
• Turbolinux, Turbolinux 10 Desktop
• Turbolinux, Turbolinux 10 F...
• Turbolinux, Turbolinux 10 Server
• Turbolinux, Turbolinux 10 Server x64 Ed
• Turbolinux, Turbolinux FUJI
• Turbolinux, Turbolinux Home
• Turbolinux, Turbolinux Multimedia
• Turbolinux, Turbolinux Personal
• Turbolinux, Turbolinux Appliance Server 2.0

Remedy:

Upgrade to the latest version of libpng (1.0.20 or later) or (1.2.12 or later), available from SourceForge.net. See References.

For OpenPKG: Refer to OpenPKG Security Advisory OpenPKG-SA-2006-011 for patch, upgrade, or suggested workaround information. See References.

For Gentoo Linux:
Refer to Gentoo Linux Security Announcement GLSA 2006-07-06 for patch, upgrade, or suggested workaround information. See References.

For Mandriva Linux:
Refer to Mandriva Linux Security Advisory MDKSA-2006:210 for patch, upgrade, or suggested workaround information. See References.

For Mandriva Linux:
Refer to Mandriva Linux Security Advisory MDKSA-2006:213 for patch, upgrade, or suggested workaround information. See References.

For Mandriva Linux:
Refer to Mandriva Linux Security Advisory MDKSA-2006:212 for patch, upgrade, or suggested workaround information. See References.

For Mandriva Linux:
Refer to Mandriva Linux Security Advisory MDKSA-2006:209 for patch, upgrade, or suggested workaround information. See References.

For Mac OS X:
Apply Security Update 2008-002, available from the Apple Web site. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

• Apple Web site, About Security Update 2008-002 at http://docs.info.apple.com/article.html?artnum=307562.
• SourceForge.net: Files, PNG reference library: libpng - File Release Notes and Changelog - Release Name: 1.2.12 at http://sourceforge.net/project/shownotes.php?group_id=5624&release_id=428123.
• BID-18698: libpng Graphics Library Chunk Error Processing Buffer Overflow Vulnerability
• CVE-2006-3334: Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to chunk error processing
• FrSIRT/ADV-2006-2585: Libpng png_decompress_chunk() Chunk Name Handling Buffer Overflow Vulnerability
• FrSIRT/ADV-2008-0924: Apple Mac OS X Command Execution and Security Bypass Issues
• GLSA-200607-06: libpng: Buffer overflow
• MDKSA-2006:209: Updated libpng packages fix vulnerabilities
• MDKSA-2006:210: Updated syslinux packages to fix embedded libpng vulnerabilities
• MDKSA-2006:211: Updated pxelinux packages to fix embedded libpng vulnerabilities
• MDKSA-2006:212: Updated doxygen packages to fix embedded libpng vulnerabilities
• MDKSA-2006:213: Updated chromium packages to fix embedded libpng vulnerabilities
• OpenPKG-SA-2006.011: libpng
• SA29420: Mac OS X Security Update Fixes Multiple Vulnerabilities
• SUSE-SR:2006:016: SUSE Security Summary Report
• SUSE-SR:2006:028: SUSE Security Summary Report

Reported:

Jun 28, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page