[Png-mng-security] Cannot defend against overly lengthy PNG chunks
Glenn Randers-Pehrson
glennrp at comcast.net
Thu Mar 13 03:31:51 UTC 2008
At 11:06 PM 3/12/2008 -0400, I wrote:
>
>There is a report on the libpng bug tracker at SourceForge
>that an accidentally overly large length value in the IHDR chunk
>will DoS a progressive PNG decoder.
I suppose we could discuss this openly in png-mng-implement, because
the vulnerability isn't really any worse than other known vulnerabilities
such as writing an IHDR chunk with width and height == 32k or so, which
will bring down some browsers such as Firefox.
What do you think?
Glenn
More information about the png-mng-security-archive
mailing list