[Png-mng-security] Vulnerability in libpng sPLT chunk handling
Tom Lane
tgl at sss.pgh.pa.us
Sat Nov 11 16:35:18 UTC 2006
Glenn Randers-Pehrson <glennrp at comcast.net> writes:
>> A certain PNG file with a large malformed sPLT chunk has been
>> demonstrated to crash libpng.

> A copy of the PNG file is at
> http://www.simplesystems.org/users/glennrp/hidden/crashers/

BTW, Red Hat's security folk were already informed of this and don't
think it's a critical issue, because they don't see any crash.
I don't either:

$ pngtopnm bad_sPLT.png
pngtopnm: fatal libpng error: Read Error
pngtopnm: setjmp returns error condition
$

This is with what RH is shipping in Fedora 5, which is ... hmm ... 1.2.8.
My ancient copy of 1.0.5 doesn't crash either. Maybe it's only a big
problem in the latest releases? Or am I missing something?

regards, tom lane