[Png-mng-security] Cannot defend against overly lengthy PNG chunks

Bob Friesenhahn bfriesen at simple.dallas.tx.us
Thu Mar 13 03:54:09 UTC 2008


On Wed, 12 Mar 2008, Glenn Randers-Pehrson wrote:
> I suppose we could discuss this openly in png-mng-implement, because
> the vulnerability isn't really any worse than other known vulnerabilities
> such as writing an IHDR chunk with width and height == 32k or so, which
> will bring down some browsers such as Firefox.
>
> What do you think?

I think that would be fine.  There is a big difference between being
able to make the software go into the weeds and being able to
overwrite bits of the stack or heap in intelligent ways in order to
take control of the application, and possibly the OS.

Bob
======================================
Bob Friesenhahn
bfriesen at simple.dallas.tx.us, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/



