Slashdot Mirror

← Back to Stories (view on slashdot.org)

CERT Warns Of Multiple Vulnerabilities In Libpng

Posted by simoniker on from the puh-nug-guh dept.

jefftp writes "CERT announced today that there are several vulnerabilities in libpng, one is a buffer overflow which could potentially cause a PNG image file to execute arbitrary code. Libpng release 1.2.6rc1 addresses the problems covered by this CERT announcement, and can be obtained from the libpng Sourceforge project. A fully tested version is to be released in the next few weeks."

3 of 259 comments (clear)

  1. Debian by Fuzzums · · Score: 3, Interesting

    Within an hour (or so) after the CERT-mail I also got the Matt Zimmerman-mail.

    Fixed :)
    I love this!

    Thanks Guys!

    --
    Privacy is terrorism.
  2. Another exploit in libpng by ShadowRage · · Score: 4, Interesting

    image bombs. basically, you create a 190000x190000 pixel monochrome image, save it, and it compresses to 43 kb

    anyone opens it... *BAM* it expands into 2gb of ram.

    1. Re:Another exploit in libpng by thogard · · Score: 4, Interesting

      This is a problem? I've got about 300 people try to anon-proxy through one my servers every day. When they ask for a gif (or png or whatever) would be a nice to give them something to make them go away.