Slashdot Mirror


CERT Warns Of Multiple Vulnerabilities In Libpng

jefftp writes "CERT announced today that there are several vulnerabilities in libpng; one is a buffer overflow which could potentially cause a PNG image file to execute arbitrary code. Libpng release 1.2.6rc1 addresses the problems covered by this CERT announcement, and can be obtained from the libpng Sourceforge project. A fully tested version is to be released in the next few weeks."

11 of 259 comments

  1. Diagram by skraps · · Score: 2, Funny

    Here is a .PNG file with a diagram that explains the problem.

    --
    Karma: -2147483648 (Mostly affected by integer overflow)
  2. Ah-ha! by iamdrscience · · Score: 5, Funny

    You all complained about Internet Explorer not being able to display PNGs correctly, but who's laughing now! Obviously they broke PNG support intentionally for security reasons. Once again, Microsoft comes through on the cutting edge.

  3. well by Anonymous Coward · · Score: 3, Funny

    it's a good thing all of the porn sites i visit use jpegs

  4. Bug? it's a feature! by barcodez · · Score: 4, Funny

    a buffer overflow which could potentially cause a PNG image file to execute arbitrary code

    This is not a bug it's a feature; the libpng team are obviously trying to get a piece of the ActiveX control market...

  5. Re:php ! by Anonymous Coward · · Score: 5, Funny

    Seriously, we need a "Dumbass" mod option

  6. PNG security threat by Anonymous Coward · · Score: 2, Funny

    Is there oil at Papua - New Guinea?

  7. Arbitrary Code...? by Anonymous Coward · · Score: 2, Funny

    What is arbitrary code? How is it any different as compared to any other computer code, say a piece of software?

  8. Re:Mozilla by Theril · · Score: 5, Funny

    Sure it could. Implement image loading and rendering in Java and nobody has patience to load images anymore.

  9. Re:Old news by LiquidCoooled · · Score: 5, Funny

    "Submissions review procedure" ?

    Taco: "Wooah! this Doom 3 is excellent!!!!"

    Michael: "Anyone else gettin 503s?"

    Simoniker: "Is anybody doing ANY work?"

    Tim: "Simon - yer, just gettin submissions - omg, another 400"

    Taco: "Die scum die!!"

    Michael: "I give up, anyone wanna 7up?"

    Taco [Looking up from game for a minute] "Yer go on then!"

    Taco: "Tim, Throw another story onto the site, the natives are gettin restless."

    Tim: "eeny, meeny miny mo...."

    --
    liqbase :: faster than paper
  10. Perfect for spyware... by Call+Me+Black+Cloud · · Score: 1, Funny


    ...because, as you know, in Soviet Russia pr0n watches you!

    Sorry, it's early for me. I'm not warmed up yet. They'll get better...

  11. Re:Buffer overflow *again*? by Anonymous Coward · · Score: 1, Funny

    They're trivial to avoid (read: impossible) in nearly every popular language except C, C++, or assembler. The future of computers is definitely having a simple, trusted kernel and running everything else with either proof-carrying code or in a virtual machine (or some combination of both!). I don't know what these people are doing with PNGs that they're absolutely convinced no language besides C can do it fast enough (I call BS). At least they could use OCaml and get better performance than C without buffer overflows.