[Png-mng-security] security bug in png_handle_tRNS

Tom Lane tgl at sss.pgh.pa.us
Tue May 8 07:12:18 UTC 2007


Glenn Randers-Pehrson <glennrp at comcast.net> writes:
> It seems that a grayscale image with a malformed (bad CRC) tRNS chunk
> will crash libpng and mozilla.

Something that Red Hat's security folks will be demanding of me pretty
soon: can this be exploited to do anything more than just crash your
browser?  Right offhand it looks like it can only cause a null pointer
dereference, but maybe I'm missing something more interesting.

			regards, tom lane



More information about the png-mng-security-archive mailing list