[Png-mng-security] Cannot defend against overly lengthy PNG chunks
Bob Friesenhahn
bfriesen at simple.dallas.tx.us
Thu Mar 13 03:54:09 UTC 2008
On Wed, 12 Mar 2008, Glenn Randers-Pehrson wrote:
> I suppose we could discuss this openly in png-mng-implement, because
> the vulnerability isn't really any worse than other known vulnerabilities
> such as writing an IHDR chunk with width and height == 32k or so, which
> will bring down some browsers such as Firefox.
>
> What do you think?
I think that would be fine. There is a big difference between being
able to make the software go into the weeds and being able to
overwrite bits of the stack or heap in intelligent ways in order to
take control of the application, and possibly the OS.
Bob
======================================
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
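
The two resource-exhaustion cases named in this thread (an overly long chunk, and an IHDR with very large width and height) can be rejected before a decoder allocates anything. The following is an added example, not part of the original message and not libpng code; the limits `MAX_CHUNK_LEN` and `MAX_PIXELS` and the names `png_precheck` and `check_sample` are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Assumed application limits (illustrative values, not from the thread). */
#define MAX_CHUNK_LEN (8u << 20)   /* largest single chunk accepted */
#define MAX_PIXELS    (64u << 20)  /* ceiling on width * height */

enum png_verdict { PNG_OK, PNG_MALFORMED, PNG_CHUNK_TOO_LONG, PNG_DIMS_TOO_LARGE };

static uint32_t be32(const uint8_t *p) {
    return (uint32_t)p[0] << 24 | (uint32_t)p[1] << 16 | (uint32_t)p[2] << 8 | p[3];
}

/* Enforce the limits on chunk headers before a decoder allocates; CRCs unchecked. */
enum png_verdict png_precheck(const uint8_t *buf, size_t len) {
    size_t off = 8;
    if (len < 8 || memcmp(buf, "\x89PNG\r\n\x1a\n", 8) != 0) return PNG_MALFORMED;
    while (len - off >= 12) {                            /* length + type + CRC */
        uint32_t clen = be32(buf + off);
        const uint8_t *type = buf + off + 4;
        if (clen > MAX_CHUNK_LEN) return PNG_CHUNK_TOO_LONG;
        if (clen > len - off - 12) return PNG_MALFORMED; /* data runs past buffer */
        if (off == 8) {                                  /* IHDR first, 13 bytes */
            if (memcmp(type, "IHDR", 4) != 0 || clen != 13) return PNG_MALFORMED;
            uint64_t w = be32(buf + off + 8), h = be32(buf + off + 12);
            if (!w || !h) return PNG_MALFORMED;
            if (w * h > MAX_PIXELS) return PNG_DIMS_TOO_LARGE;
        }
        if (memcmp(type, "IEND", 4) == 0) return PNG_OK;
        off += 12 + (size_t)clen;
    }
    return PNG_MALFORMED;                                /* truncated, no IEND */
}

/* Constructed 45-byte sample: IHDR of w x h, then a chunk header declaring
 * next_len bytes (0 makes it IEND). CRC fields stay zero; they are unchecked. */
enum png_verdict check_sample(uint32_t w, uint32_t h, uint32_t next_len) {
    uint8_t s[45] = {0};
    memcpy(s, "\x89PNG\r\n\x1a\n", 8);
    s[11] = 13;                                          /* IHDR data length */
    memcpy(s + 12, "IHDR", 4);
    for (int i = 0; i < 4; i++) {
        s[16 + i] = (uint8_t)(w >> (24 - 8 * i));
        s[20 + i] = (uint8_t)(h >> (24 - 8 * i));
        s[33 + i] = (uint8_t)(next_len >> (24 - 8 * i));
    }
    memcpy(s + 37, next_len ? "tEXt" : "IEND", 4);
    return png_precheck(s, sizeof s);
}
```

The check compares each declared length against both the policy limit and the bytes actually present, so a header that merely claims a huge size is rejected without reading or allocating for it.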