Slashdot Mirror


Zlib Security Flaw Could Cause Widespread Trouble

BlueSharpieOfDoom writes "Whitedust has an interesting article posted about the new zlib buffer overflow. It affects countless software applications, even on Microsoft Windows. Some of the most affected applications are those that are able to use the PNG graphic format, as zlib is widely used in compression of PNG images. Zlib was also in the news in 2002 because of a flaw found in the way it handled memory allocation. The new hole could allow remote attackers to crash the vulnerable program or possibly even execute arbitrary code."

6 of 372 comments

  1. Important: Use a safe browser by aussie_a · · Score: 4, Funny

    Because Firefox renders PNG completely, it is prone to these sorts of errors. However there is one browser that won't need a patch issued to be safe from this bug, which is Internet Explorer. While IE can render PNG a little, it hasn't implemented the full technology. By using IE, you ensure that you will be safe from any bugs that arise from new technologies, such as PNG.

    So next time someone recommends a browser, stop and wonder about what technology the latest browser has implemented properly without regard to any security issues, and remember that it will be decades before IE implements the technology (if it ever does) so it will be safe for quite some time, by being a stable browser that rarely changes.


    Mods: This is not an attempt at troll, but a parody of the typical "This is why you should switch to Firefox" posts whenever a vulnerability involving IE. It should be painfully obvious, but then again most of you are on crack.

  2. Re:Modularised code will always have this problem. by CaptainFork · · Score: 4, Funny
    Why are we still having buffer overflows? There's a compile option in Visual C++ that allows automatic buffer overflow protection. Does GCC have this switch? If so, why not?

    If so why not? - and if not, why so?

    Why why not but not if not? Why not not?

  3. Re:Mods on crack!? by atrocious cowpat · · Score: 3, Funny
    Mods: This is not an attempt at troll, but a parody of the typical "This is why you should switch to Firefox" posts whenever a vulnerability involving IE. It should be painfully obvious, but then again most of you are on crack.

    Slander! I only mod people down when I'm off crack!
    --
    sig? Oh, that sig...
  4. Is it my imagination... by MSDos-486 · · Score: 3, Funny

    or does it seem the end of the world will be caused by a buffer overflow?

  5. Re:Modularised code will always have this problem. by Saint Stephen · · Score: 3, Funny
    Foam at the mouth and fall over backwards. Is he foaming at the mouth to fall over backwards or falling over backwards to foam at the mouth. Tonight 'Spectrum' examines the whole question of frothing and falling, coughing and calling, screaming and bawling, walling and stalling, galling and mauling, palling and hauling, trawling and squalling and zalling. Zalling? Is there a word zalling? If there is what does it mean...if there isn't what does it mean? Perhaps both. Maybe neither. What do I mean by the word mean? What do I mean by the word word, what do I mean by what do I mean, what do I mean by do, and what do I do by mean? What do I do by do by do and what do I do by wasting your time like this? Goodnight
    -- Monty Python
  6. Zlib loaded with Spyware by yajacuk · · Score: 3, Funny
    I ran the AOL Spyware protection twice this week and both times I found spyware in the Zlib library.
    Here is a sample of the Scan log.
    ASP Version: 1.0.77 Definition Date: 01-05-05 Date: 7/6/2005 5:02:02 PM
    Action: Found: c:\Program Files\daimonin\client\zlib.dll
    Spyware Name: Diablo Keys