Slashdot Mirror


Zlib Security Flaw Could Cause Widespread Trouble

BlueSharpieOfDoom writes "Whitedust has an interesting article posted about the new zlib buffer overflow. It affects countless software applications, even on Microsoft Windows. Some of the most affected applications are those that are able to use the PNG graphic format, as zlib is widely used in compression of PNG images. Zlib was also in the news in 2002 because of a flaw found in the way it handled memory allocation. The new hole could allow remote attackers to crash the vulnerable program or even the possibility of executing arbitrary code."

3 of 372 comments

  1. For those with IE on XP,2003 by A beautiful mind · · Score: 1, Redundant

    please visit this link:
    http://www.hunger.hu/win.html

    Warning: the link causes BSOD because of a flaw in the image rendering algorithm of some Windows component when it tries to render a huge image, the waiting times out and the kernel decides it's better just to panic.

    The link causes no problems on Linux, as its implementation is not faulty.

    I think there is a patch for this fault on Windows Update, but I can't be certain as I'm not using Windows.

    So long with the zealotry of IE's safeness.

    --
    It takes a man to suffer ignorance and smile
    Be yourself no matter what they say
  2. Re:Important: Use a safe browser by yeremein · · Score: 0, Redundant

    Because Firefox renders PNG completely, it is prone to these sort of errors. However there is one browser that won't need a patch issued to be safe from this bug, which is Internet Explorer. While IE can render PNG a little, it hasn't implemented the full technology. By using IE, you ensure that you will be safe from any bugs that arise from new technologies, such as PNG.

    Wow, that's some attempt at spin. Too bad it's completely wrong.

    The fact that Microsoft doesn't support the PNG alpha channel, antialiasing, shadow masking, etc. is completely immaterial--IE still has to decompress the PNG, which means it is vulnerable to any zlib bugs.

    By the way, the "new technology" known as PNG was approved by the W3C on October 1, 1996. The fact that Microsoft still doesn't properly support it does not mean it's some bleeding edge thing. Microsoft is just stuck in the stone age.

  3. Re:Important: Use a safe browser by noda132 · · Score: 0, Redundant

    By using IE, you ensure that you will be safe from any bugs that arise from new technologies, such as PNG.

    That's wrong, IE is just as vulnerable with regard to PNGs.

    Also, zlib compression isn't only used in PNGs. It is used to transfer a good proportion of web pages, transparently. In fact, this very web page was transmitted to you using zlib, if you're using IE or Firefox or Opera or Safari or Lynx or....
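
An added illustration of the point made in comments 2 and 3 (not part of the original thread): a PNG's pixel data is stored in IDAT chunks as a zlib stream, so every decoder has to inflate it whether or not it supports alpha. The sample image, the function names and the 1 MiB output cap are assumptions made for this example.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def make_chunk(ctype, data):
    """Build one PNG chunk: length, type, data, CRC-32 over type+data."""
    return (struct.pack(">I", len(data)) + ctype + data
            + struct.pack(">I", zlib.crc32(ctype + data) & 0xFFFFFFFF))

def build_sample_png(width=4, height=2):
    """Constructed sample: 8-bit greyscale image with no alpha channel."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = b"".join(b"\x00" + bytes(range(width)) for _ in range(height))
    return (PNG_SIG + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"IDAT", zlib.compress(raw)) + make_chunk(b"IEND", b""))

def inflate_png(blob, max_out=1 << 20):
    """Walk the chunks, verify CRCs, then inflate IDAT with a hard output cap."""
    if blob[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos, idat, dims = 8, b"", None
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        data = blob[pos + 8:pos + 8 + length]
        crc = blob[pos + 8 + length:pos + 12 + length]
        if len(data) != length or len(crc) != 4:
            raise ValueError("truncated chunk")
        if struct.unpack(">I", crc)[0] != zlib.crc32(ctype + data) & 0xFFFFFFFF:
            raise ValueError("bad CRC in %r" % ctype)
        if ctype == b"IHDR":
            if length != 13:
                raise ValueError("bad IHDR length")
            dims = struct.unpack(">II", data[:8])
        elif ctype == b"IDAT":
            idat += data          # IDAT chunks concatenate into one zlib stream
        elif ctype == b"IEND":
            break
        pos += 12 + length
    if dims is None:
        raise ValueError("missing IHDR")
    # Ask zlib for at most cap+1 bytes so an oversized image is rejected
    # without ever allocating its full inflated size.
    out = zlib.decompressobj().decompress(idat, max_out + 1)
    if len(out) > max_out:
        raise ValueError("inflated data exceeds cap")
    return dims, out
```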