[Png-mng-security] security bug in png_handle_tRNS
Tom Lane
tgl at sss.pgh.pa.us
Tue May 8 07:12:18 UTC 2007
Glenn Randers-Pehrson <glennrp at comcast.net> writes:
> It seems that a grayscale image with a malformed (bad CRC) tRNS chunk
> will crash libpng and mozilla.
Something that Red Hat's security folks will be demanding of me pretty
soon: can this be exploited to do anything more than just crash your
browser? Right offhand it looks like it can only cause a null pointer
dereference, but maybe I'm missing something more interesting.
regards, tom lane