[Png-mng-security] pCAL reading past buffer end

Tavis Ormandy taviso at sdf.lonestar.org
Mon Sep 24 03:00:27 UTC 2007


On Sat, Sep 22, 2007 at 09:29:20AM -0700, Greg Roelofs wrote:
> Hey Tavis,
> 
> > This bug was found with flayer, http://code.google.com/p/flayer/
> 
> Amusingly enough, we were just discussing it (and you) on Tuesday.  Glenn
> came across a blog entry mentioning it in relationship to libpng, libtiff,
> etc.
> 

Ahh! libpng is a really great target for flayer, so I'm gradually
working on exploring as much of the code with it as possible. It's a
pretty slow process, but much more useful than static analysis (where, in
the unlikely event that a legitimate bug is found, it's buried in a sea
of false positives).

But libpng is such clean, well organised code that it's very easy to work
with.

If anything else turns up, I'll let you know :)

Thanks, Tavis.

-- 
-------------------------------------
taviso at sdf.lonestar.org | finger me for my pgp key.
-------------------------------------------------------
