[Png-mng-security] Cannot defend against overly lengthy PNG chunks

Glenn Randers-Pehrson glennrp at comcast.net
Thu Mar 13 03:31:51 UTC 2008


At 11:06 PM 3/12/2008 -0400, I wrote:
>
>There is a report on the libpng bug tracker at SourceForge
>that an accidentally overly large length value in the IHDR chunk
>will DoS a progressive PNG decoder.

I suppose we could discuss this openly in png-mng-implement, because
the vulnerability isn't really any worse than other known vulnerabilities
such as writing an IHDR chunk with width and height == 32k or so, which
will bring down some browsers such as Firefox.

What do you think?

Glenn



More information about the png-mng-security-archive mailing list