LibPNG Graphics Library Multiple Remote Vulnerabilities
The libpng graphics library is reportedly prone to multiple vulnerabilities. The following issues are reported:
- A stack-based buffer-overrun vulnerability resides in the libpng library (CAN-2004-0597). A remote attacker may exploit this condition by supplying a malicious image to an unsuspecting user. When this image is viewed, the vulnerability may be triggered, resulting in code execution in the context of the user that viewed the malicious image.
- A denial-of-service vulnerability affects libpng (CAN-2004-0598). A remote attacker may exploit this condition by supplying a malicious image to an unsuspecting user. When the malicious image is viewed, a NULL-pointer dereference will occur, resulting in a crash of the application that is linked to the vulnerable library.
- Several integer-overrun vulnerabilities reside in png_handle_sPLT(), png_read_png(), and other functions of libpng (CAN-2004-0599). A remote attacker may exploit the integer-overrun issues by supplying a malicious image to an unsuspecting user. When the malicious image is viewed, an integer value may wrap or may be interpreted incorrectly, resulting in a crash of the application that is linked to the vulnerable library or possibly arbitrary code execution.
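As an added illustration of the integer-overrun class in the last item (not code from libpng or from this advisory), the following C check validates the header of an untrusted PNG and reports when sizes derived from its dimensions would wrap a 32-bit value. The function names, the 32-bit size model and the three size computations checked are assumptions chosen for illustration; the advisory does not state which computations in the named functions wrap.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum precheck { PNG_OK, PNG_BAD_SIG, PNG_BAD_IHDR, PNG_DIM_RANGE, PNG_SIZE_WRAP };
static const unsigned char PNG_SIG[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};
/* Constructed sample: 640 x 0x40000000, 8-bit RGBA. Both dimensions are legal. */
static const unsigned char SAMPLE[33] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n',
    0, 0, 0, 13, 'I', 'H', 'D', 'R', 0, 0, 0x02, 0x80, 0x40, 0, 0, 0, 8, 6};

static uint32_t be32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}

/* Multiply as a 32-bit size_t would, but report a wrap instead of truncating. */
static int mul32(uint32_t a, uint32_t b, uint32_t *out) {
    if (a != 0 && b > UINT32_MAX / a) return 0;
    *out = a * b;
    return 1;
}

/* Hypothetical pre-decode check (not libpng API): signature, IHDR, derived sizes. */
enum precheck png_precheck(const unsigned char *buf, size_t len) {
    static const int channels[7] = {1, 0, 3, 1, 2, 0, 4}; /* by colour type; 0 = invalid */
    uint32_t w, h, bits, tmp;
    int depth, ctype;

    if (len < 8 || memcmp(buf, PNG_SIG, 8) != 0) return PNG_BAD_SIG;
    if (len < 33 || be32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0) return PNG_BAD_IHDR;
    w = be32(buf + 16); h = be32(buf + 20); depth = buf[24]; ctype = buf[25];
    if (ctype > 6 || !channels[ctype] || depth == 0 || depth > 16 || (depth & (depth - 1)))
        return PNG_BAD_IHDR;
    /* The PNG specification limits both dimensions to 1..2^31-1. */
    if (w == 0 || h == 0 || w > 0x7fffffffu || h > 0x7fffffffu) return PNG_DIM_RANGE;
    /* In-range values can still wrap a 32-bit size: bits per row, the pixel buffer
       (height * row bytes), and a row-pointer table (height * 4-byte pointers). */
    if (!mul32(w, (uint32_t)(channels[ctype] * depth), &bits)) return PNG_SIZE_WRAP;
    if (!mul32(h, bits / 8 + (bits % 8 != 0), &tmp)) return PNG_SIZE_WRAP;
    if (!mul32(h, 4, &tmp)) return PNG_SIZE_WRAP;
    return PNG_OK;
}

int main(void) {
    /* The constructed sample passes the range check but its buffer size wraps. */
    enum precheck r = png_precheck(SAMPLE, sizeof SAMPLE);
    printf("precheck = %d (%s)\n", r, r == PNG_SIZE_WRAP ? "size wrap" : "other");
    return 0;
}
```

A dimension range check alone is not sufficient: a height of 0x40000000 is legal, yet multiplying it by a 4-byte pointer size already exceeds 32 bits.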
This BID will be split into independent BIDs when further analysis of these issues is complete.
** Update: Microsoft MSN Messenger and Windows Messenger use an affected version of the libpng library and are therefore affected by this vulnerability. Reportedly, attackers can exploit this by sending images through supported functionality to unsuspecting users running the vulnerable software. Please see the Core Security Technologies Advisory for more information.