png -- multiple vulnerabilities

2007-10-08T00:00:00
ID 172ACF78-780C-11DC-B3F4-0016179B2DD5
Type freebsd
Reporter FreeBSD
Modified 2007-10-08T00:00:00

Description

A Secunia Advisory reports:

Some vulnerabilities have been reported in libpng, which can be exploited by malicious people to cause a DoS (Denial of Service). Certain errors within libpng, including a logical NOT instead of a bitwise NOT in pngtrtran.c, an error in the 16bit cheap transparency extension, and an incorrect use of sizeof() may be exploited to crash an application using the library. Various out-of-bounds read errors exist within the functions png_handle_pCAL(), png_handle_sCAL(), png_push_read_tEXt(), png_handle_iTXt(), and png_handle_ztXt(), which may be exploited by exploited to crash an application using the library.

The vulnerability is caused due to an off-by-one error within the ICC profile chunk handling, which potentially can be exploited to crash an application using the library.