[Png-mng-security] Cannot defend against overly lengthy PNG chunks

John Bowler jbowler at acm.org
Thu Mar 13 04:31:12 UTC 2008


From: Glenn Randers-Pehrson
>>There is a report on the libpng bug tracker at SourceForge
>>that an accidentally overly large length value in the IHDR chunk
>>will DoS a progressive PNG decoder.
>
>I suppose we could discuss this openly in png-mng-implement, because
>the vulnerability isn't really any worse than other known vulnerabilities
>such as writing an IHDR chunk with width and height == 32k or so, which
>will bring down some browsers such as Firefox.
>
>What do you think?

I think such discussion is fine.  It's a general problem if libpng doesn't deal
gracefully with very large chunk lengths, valid or not, but I don't see
that the possibility of a DoS attack by exploiting this should be a major
issue.  If it is, a much more difficult to prevent attack would be a
carefully constructed very well compressed zTXT, or similar.

John Bowler <jbowler at acm.org>
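
[Added example, not part of the original message and not libpng code.] A sketch of the check the thread is about: judging a chunk from its 8-byte header, and IHDR from its dimensions, before a progressive decoder buffers or allocates anything. The limits, function names and sample bytes are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <string.h>

/* Hypothetical policy limits chosen for this example, not libpng defaults. */
#define MAX_CHUNK_LEN (8u * 1024u * 1024u) /* cap on any buffered chunk */
#define MAX_DIMENSION 16384u               /* cap on width and height */

enum chunk_verdict { CHUNK_OK, CHUNK_BAD_LENGTH, CHUNK_TOO_LARGE, CHUNK_BAD_DIMENSIONS };

/* Constructed sample inputs: 8-byte chunk headers and one 13-byte IHDR body. */
const unsigned char SAMPLE_IHDR_OK[8]   = {0, 0, 0, 13, 'I', 'H', 'D', 'R'};
const unsigned char SAMPLE_IHDR_HUGE[8] = {0x7f, 0xff, 0xff, 0xff, 'I', 'H', 'D', 'R'};
const unsigned char SAMPLE_ZTXT_BIG[8]  = {0x10, 0, 0, 0, 'z', 'T', 'X', 't'};
const unsigned char SAMPLE_DIMS_32K[13] = {0, 0, 0x80, 0, 0, 0, 0x80, 0, 8, 6, 0, 0, 0};

static uint32_t be32(const unsigned char *p)
{
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Judge a chunk from its header (length + type) alone, so the decoder can
 * reject it before waiting for, or buffering, any of the chunk data. */
enum chunk_verdict check_chunk_header(const unsigned char hdr[8])
{
    uint32_t len = be32(hdr);

    if (len > 0x7fffffffu)               /* PNG spec: length <= 2^31 - 1 */
        return CHUNK_BAD_LENGTH;
    if (memcmp(hdr + 4, "IHDR", 4) == 0) /* IHDR data is exactly 13 bytes */
        return len == 13 ? CHUNK_OK : CHUNK_BAD_LENGTH;
    if (len > MAX_CHUNK_LEN)             /* valid per spec, over our policy */
        return CHUNK_TOO_LARGE;
    return CHUNK_OK;
}

/* Check the IHDR body: width and height must be nonzero and within the
 * policy cap before any row or image buffers are allocated. */
enum chunk_verdict check_ihdr_dimensions(const unsigned char ihdr[13])
{
    uint32_t w = be32(ihdr), h = be32(ihdr + 4);

    if (w == 0 || h == 0 || w > MAX_DIMENSION || h > MAX_DIMENSION)
        return CHUNK_BAD_DIMENSIONS;
    return CHUNK_OK;
}
```

A header check of this kind bounds only the compressed size; the well-compressed zTXt case raised above additionally needs a cap on the inflated output.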




