[Png-mng-security] patch for zero-length unknown chunk bug
Tavis Ormandy
taviso at sdf.lonestar.org
Mon Apr 7 17:54:50 UTC 2008
On Sat, Apr 05, 2008 at 11:15:46PM -0400, Glenn Randers-Pehrson wrote:
>
> After applying the patch to libpng-1.2.26, pngtest runs successfully. It does not copy the problematic cmOD chunk because it is not copy-safe. I have not tested with a zero-length copy-safe chunk, and I have not tested the progressive reader.
>
> Firefox seems to be immune to this problem, although I have not tested it while using the "system" libpng instead of the embedded one, which has the buggy unknown_chunk code #ifdef'ed out.
>
Thanks Glenn, I tested the patch here, it works perfectly. I allocated
CVE-2007-6070 for this issue, feel free to use it.
Thanks, Tavis.
--
-------------------------------------
taviso at sdf.lonestar.org | finger me for my gpg key.
-------------------------------------------------------