PNG image

CORE-2008-0124: Multiple vulnerabilities in Google's Android SDK

 This security bug affects Android SDK m3-rc37a and earlier versions.
Version m5-rc14 of the Android SDK includes a fix and is not vulnerable
to this bug.

 #2 - PNG image parsing, multiple vulnerabilities:

 The Portable Network Graphics (PNG) is a bitmapped image format that
employs lossless data compression [9]. PNG was created to improve upon
and replace the GIF format as an image file format that does not require
a patent license.

[ MDVSA-2011:151 ] libpng

 Multiple vulnerabilities have been discovered and corrected in libpng:
 
 The png_format_buffer function in pngerror.c in libpng allows
 remote attackers to cause a denial of service (application crash)
 via a crafted PNG image that triggers an out-of-bounds read during
 the copying of error-message data.  NOTE: this vulnerability exists
 because of a CVE-2004-0421 regression (CVE-2011-2501).
 
 Buffer overflow in libpng, when used by an application that calls the
 png_rgb_to_gray function but not the png_set_expand function, allows

VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues

    occurred. If a carefully-crafted PNG file was loaded by an
    application linked against libpng, it could cause the application
    to crash or, potentially, execute arbitrary code with the
    privileges of the user running the application.

    A flaw was discovered in the way libpng handled PNG images
    containing "unknown" chunks. If an application linked against libpng
    attempted to process a malformed, unknown chunk in a malicious PNG
    image, it could cause the application to crash.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)

[ MDVSA-2008:170 ] cups

 _______________________________________________________________________

 Problem Description:

 Thomas Pollet discovered an integer overflow vulnerability in the PNG
 image handling filter in CUPS.  This could allow a malicious user to
 execute arbitrary code with the privileges of the user running CUPS,
 or cause a denial of service by sending a specially crafted PNG image
 to the print server (CVE-2008-1722).
 
 The updated packages have been patched to correct this issue.

[USN-730-1] libpng vulnerabilities

effect the necessary changes.

Details follow:

It was discovered that libpng did not properly perform bounds checking in
certain operations. An attacker could send a specially crafted PNG image and
cause a denial of service in applications linked against libpng. This issue
only affected Ubuntu 8.04 LTS. (CVE-2007-5268, CVE-2007-5269)

Tavis Ormandy discovered that libpng did not properly initialize memory. If a
user or automated system were tricked into opening a crafted PNG image, an

[ GLSA 200805-10 ] Pngcrush: User-assisted execution of arbitrary code

Impact
======

A remote attacker could entice a user to process a specially crafted
PNG image, possibly resulting in the execution of arbitrary code with
the privileges of the user running the application, or a Denial of
Service.

Workaround
==========

[USN-789-1] GStreamer Good Plugins vulnerability

necessary changes.

Details follow:

Tielei Wang discovered that GStreamer Good Plugins did not correctly handle
malformed PNG image files. If a user were tricked into opening a crafted
PNG image file with a GStreamer application, an attacker could cause a
denial of service via application crash, or possibly execute arbitrary code
with the privileges of the user invoking the program.



[ MDVSA-2010:133 ] libpng

 to cause a denial of service (memory exhaustion) via a crafted PNG file
 (CVE-2008-6218).
 
 Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x
 before 1.4.3, as used in progressive applications, might allow remote
 attackers to execute arbitrary code via a PNG image that triggers an
 additional data row (CVE-2010-1205).
 
 Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before
 1.4.3, allows remote attackers to cause a denial of service (memory
 consumption and application crash) via a PNG image containing malformed

[ GLSA 200804-23 ] CUPS: Integer overflow vulnerability

Description
===========

Thomas Pollet reported a possible integer overflow vulnerability in the
PNG image handling in the file filter/image-png.c.

Impact
======

A malicious user might be able to execute arbitrary code with the

[SECURITY] [DSA 2287-1] libpng security update

Debian Bug     : #632786 #633871

The PNG library libpng has been affected by several vulnerabilities. The
most critical one is the one identified as CVE-2011-2690. Using this
vulnerability, an attacker is able to overwrite memory with an
arbitrary amount of data controlled by her via a crafted PNG image.

The other vulnerabilities are less critical and allow an attacker to
cause a crash in the program (denial of service) via a crafted PNG
image.


[SECURITY] [DSA 1542-1] New libcairo packages fix arbitrary code execution

CVE Id(s)      : CVE-2007-5503

Peter Valchev (Google Security) discovered a series of integer
overflow weaknesses in Cairo, a vector graphics rendering library used
by many other applications.  If an application uses cairo to render a
maliciously-crafted PNG image, the vulnerability allows the execution
of arbitrary code.

For the stable distribution (etch), these problems have been fixed in
version 1.2.4-4.1+etch1.


[USN-538-1] libpng vulnerabilities

Details follow:

It was discovered that libpng did not properly perform bounds checking
and comparisons in certain operations. An attacker could send a specially
crafted PNG image and cause a denial of service in applications linked
against libpng.


Updated packages for Ubuntu 6.06 LTS:


[ MDVSA-2009:286 ] ocaml-camlimages

 Multiple vulnerabilities have been found and corrected in
 ocaml-camlimages:
 
 Multiple integer overflows in CamlImages 2.2 and earlier might allow
 context-dependent attackers to execute arbitrary code via a crafted
 PNG image with large width and height values that trigger a heap-based
 buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24
 function (CVE-2009-2295).
 
 Multiple integer overflows in CamlImages 2.2 might allow
 context-dependent attackers to execute arbitrary code via images

[ MDVSA-2010:179 ] libglpng

 A vulnerability has been found and corrected in libglpng:
 
 Multiple integer overflows in glpng.c in glpng 1.45 allow
 context-dependent attackers to execute arbitrary code via a crafted
 PNG image, related to (1) the pngLoadRawF function and (2) the pngLoadF
 function, leading to heap-based buffer overflows (CVE-2010-1519).
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________


[ GLSA 200712-24 ] AMD64 x86 emulation GTK+ library: User-assisted execution of arbitrary code

Impact
======

A remote attacker could entice a user to view or process a specially
crafted PNG image file in an application linked against Cairo, possibly
leading to the execution of arbitrary code with the privileges of the
user running the application.

Workaround
==========

[USN-550-2] Cairo regression

We apologize for the inconvenience.

Original advisory details:

 Peter Valchev discovered that Cairo did not correctly decode PNG image data.
 By tricking a user or automated system into processing a specially crafted
 PNG with Cairo, a remote attacker could execute arbitrary code with user
 privileges.



[ GLSA 200712-04 ] Cairo: User-assisted execution of arbitrary code

===========

Multiple integer overflows were reported, one of which Peter Valchev
(Google Security) found to be leading to a heap-based buffer overflow
in the cairo_image_surface_create_from_png() function that processes
PNG images.

Impact
======

A remote attacker could entice a user to view or process a specially

VMSA-2008-0014 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Server, VMware ESX address information disclosure, privilege escalation and other security issues.

      * hosted products are VMware Workstation, Player, ACE, Server, Fusion

   g. Third Party Library libpng Updated to 1.2.29

      Several flaws were discovered in the way third party library
      libpng handled various PNG image chunks. An attacker could
      create a carefully crafted PNG image file in such a way that
      it causes an application linked with libpng to crash when the
      file is manipulated.

      The Common Vulnerabilities and Exposures project (cve.mitre.org)

[ GLSA 201010-01 ] Libpng: Multiple vulnerabilities

Background
==========

libpng is a standard library used to process PNG (Portable Network
Graphics) images. It is used by several programs, including web
browsers and potentially server processes.

Affected packages
=================


[ GLSA 201101-01 ] gif2png: User-assisted execution of arbitrary code

Background
==========

gif2png is a command line program that converts image files from the
Graphics Interchange Format (GIF) format to the Portable Network
Graphics (PNG) format.

Affected packages
=================

    -------------------------------------------------------------------

[USN-550-1] Cairo vulnerability

After a standard system upgrade you need to restart your session to effect
the necessary changes.

Details follow:

Peter Valchev discovered that Cairo did not correctly decode PNG image data.
By tricking a user or automated system into processing a specially crafted
PNG with Cairo, a remote attacker could execute arbitrary code with user
privileges.



[ MDVSA-2008:019 ] - Updated cairo packages fix vulnerability

 _______________________________________________________________________
 
 Problem Description:
 
 Peter Valchev discovered that Cairo did not correctly decode PNG
 image data.  By tricking a user or automated system into processing
 a specially crafted PNG with Cairo, a remote attacker could execute
 arbitrary code with the privileges of the user opening the file.
 
 The updated packages have been patched to correct this issue.
 _______________________________________________________________________

[ GLSA 200710-02 ] PHP: Multiple vulnerabilities

several iconv and xmlrpc functions (CVE-2007-4840 and CVE-2007-4783),
in the setlocale() function (CVE-2007-4784), in the glob() and
fnmatch() functions (CVE-2007-4782 and CVE-2007-3806), a floating point
exception in the wordwrap() function (CVE-2007-3998), a stack
exhaustion via deeply nested arrays (CVE-2007-4670), an infinite loop
caused by a specially crafted PNG image in the png_read_info() function
of libpng (CVE-2007-2756) and several issues related to array
conversion.

Impact
======

[USN-707-1] CUPS vulnerabilities

restrictions and add a large number of RSS subscriptions. This issue only
applied to Ubuntu 7.10 and 8.04 LTS. (CVE-2008-5184)

It was discovered that the PNG filter in CUPS did not properly handle certain
malformed images. If a user or automated system were tricked into opening a
crafted PNG image file, a remote attacker could cause a denial of service or
execute arbitrary code with user privileges. In Ubuntu 7.10, 8.04 LTS, and 8.10,
attackers would be isolated by the AppArmor CUPS profile. (CVE-2008-5286)

It was discovered that the example pstopdf CUPS filter created log files in an
insecure way. Local users could exploit a race condition to create or overwrite

[ GLSA 200804-15 ] libpng: Execution of arbitrary code

Background
==========

libpng is a free ANSI C library used to process and manipulate PNG
images.

Affected packages
=================

    -------------------------------------------------------------------

[USN-960-1] libpng vulnerabilities

all the necessary changes.

Details follow:

It was discovered that libpng did not properly handle certain malformed PNG
images. If a user or automated system were tricked into opening a crafted
PNG file, an attacker could cause a denial of service or possibly execute
arbitrary code with the privileges of the user invoking the program.
(CVE-2010-1205)

It was discovered that libpng did not properly handle certain malformed PNG

[ MDVSA-2012:013 ] mozilla

 objects (CVE-2012-0446).
 
 Mozilla Firefox 4.x through 9.0, Thunderbird 5.0 through 9.0,
 and SeaMonkey before 2.7 do not properly initialize data for
 image/vnd.microsoft.icon images, which allows remote attackers to
 obtain potentially sensitive information by reading a PNG image that
 was created through conversion from an ICO image (CVE-2012-0447).
 
 Mozilla Firefox before 3.6.26 and 4.x through 9.0, Thunderbird
 before 3.1.18 and 5.0 through 9.0, and SeaMonkey before 2.7 allow
 remote attackers to cause a denial of service (memory corruption and

[ GLSA 200908-10 ] Dillo: User-assisted execution of arbitrary code

Impact
======

A remote attacker could entice a user to open an HTML document
containing a specially crafted, large PNG image, possibly resulting in
the execution of arbitrary code with the privileges of the user running
the application.

Workaround
==========

[USN-550-3] Cairo regression

We apologize for the inconvenience.

Original advisory details:

 Peter Valchev discovered that Cairo did not correctly decode PNG image data.
 By tricking a user or automated system into processing a specially crafted
 PNG with Cairo, a remote attacker could execute arbitrary code with user
 privileges.



[USN-913-1] libpng vulnerabilities

Details follow:

It was discovered that libpng did not properly initialize memory when
decoding certain 1-bit interlaced images. If a user or automated system
were tricked into processing crafted PNG images, an attacker could possibly
use this flaw to read sensitive information stored in memory. This issue
only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CVE-2009-2042)

It was discovered that libpng did not properly handle certain excessively
compressed PNG images. If a user or automated system were tricked into

Copyright © 1995-2012 LinuxRocket.net. All rights reserved.