[Png-mng-security] Cannot defend against overly lengthy PNG chunks
John Bowler
jbowler at acm.org
Thu Mar 13 04:31:12 UTC 2008
From: Glenn Randers-Pehrson
>>There is a report on the libpng bug tracker at SourceForge
>>that an accidentally overly large length value in the IHDR chunk
>>will DoS a progressive PNG decoder.
>
>I suppose we could discuss this openly in png-mng-implement, because
>the vulnerability isn't really any worse than other known vulnerabilities
>such as writing an IHDR chunk with width and height == 32k or so, which
>will bring down some browsers such as Firefox.
>
>What do you think?
I think such discussion is fine. It's a general problem if libpng doesn't deal
gracefully with very large chunk lengths, valid or not, but I don't see
that the possibility of a DoS attack by exploiting this should be a major
issue. If it is, a much more difficult-to-prevent attack would be a
carefully constructed, very well compressed zTXT, or similar.
John Bowler <jbowler at acm.org>
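
Added example (not part of the original message, and not libpng's own code): one way a progressive decoder can judge a chunk from its 8-byte header before sizing any buffer from the length field, covering the oversized IHDR length and the large width/height cases mentioned in the thread. The names check_chunk, MAX_CHUNK_LEN and MAX_DIMENSION, and the limit values, are assumptions made for this sketch.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical policy limits chosen for this example (not libpng defaults). */
#define MAX_CHUNK_LEN  (8u * 1024u * 1024u)  /* cap on any single chunk's data */
#define MAX_DIMENSION  16384u                /* cap on IHDR width and height */

enum chunk_verdict { CHUNK_OK, CHUNK_NEED_MORE, CHUNK_BAD_LENGTH,
                     CHUNK_TOO_LARGE, CHUNK_BAD_DIMENSIONS };

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Inspect the chunk starting at buf (length field, type, then data) using
 * only the bytes received so far. The length is judged from the 8-byte
 * header alone, before any buffer is sized from it. */
enum chunk_verdict check_chunk(const unsigned char *buf, size_t avail)
{
    if (avail < 8)
        return CHUNK_NEED_MORE;
    uint32_t len = be32(buf);
    const unsigned char *type = buf + 4;

    if (len > 0x7fffffffu)               /* PNG spec: length <= 2^31 - 1 */
        return CHUNK_BAD_LENGTH;
    if (memcmp(type, "IHDR", 4) == 0) {
        if (len != 13)                   /* IHDR data is always 13 bytes */
            return CHUNK_BAD_LENGTH;
        if (avail < 8 + 13)
            return CHUNK_NEED_MORE;      /* wait for the full IHDR body */
        uint32_t w = be32(buf + 8), h = be32(buf + 12);
        if (w == 0 || h == 0 || w > MAX_DIMENSION || h > MAX_DIMENSION)
            return CHUNK_BAD_DIMENSIONS;
        return CHUNK_OK;
    }
    if (len > MAX_CHUNK_LEN)             /* valid per spec, refused by policy */
        return CHUNK_TOO_LARGE;
    return CHUNK_OK;
}
```

A length check like this does not cover the well-compressed zTXT case raised in the message; that needs a cap on decompressed output rather than on chunk size.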