CERT RENATER
Nous contacter
- Mail : cert@support.renater.fr
- Web : Pages du CERT
- Tél : 01.53.94.20.44
- Fax : 01.53.94.20.31
==================================================================== CERT-Renater Note d'Information No. 2007/VULN259 _____________________________________________________________________ DATE : 25/05/2007 HARDWARE PLATFORM(S) : / OPERATING SYSTEM(S) : Systems running libpng. ====================================================================== Vulnerability Note VU#684664 libpng denial of service vulnerability Overview The libpng library contains a denial-of-service vulnerability. I. Description The libpng library can be used to allow other applications to render PNG images. The libpng library contains a denial-of-service vulnerability. From the Libpng-1.2.16-ADVISORY: This vulnerability could be used to crash a browser when a user tries to view such a malformed PNG file. It is not known whether the vulnerability could be exploited otherwise. The reason is that png_ptr->num_trans is set to 1 and then there is an error return after checking the CRC, so the trans[ ] array is never allocated. Since png_ptr->num_trans is nonzero, libpng tries to use the array later. An attacker may be able to exploit this vulnerability by convincing a user to open a specially crafted PNG image. The malicious image may be hosted on a website, or sent as an email attachment. II. Impact A remote, unauthenticated attacker may be able to create a denial-of-service condition. III. Solution Upgrade The libpng team has released a patch for libpng 1.0.25 and 1.2.17 to address this vulnerability. Administrators are encouraged to upgrade as soon as possible. Administrators who receive the libpng library from their operating system vendor should see the systems affected portion of this document for a list of affected vendors. Systems Affected Vendor Status Date Updated Apple Computer, Inc. Unknown 8-May-2007 Conectiva Inc. Unknown 8-May-2007 Cray Inc. Unknown 8-May-2007 Debian GNU/Linux Unknown 8-May-2007 EMC, Inc. (formerly Data General Corporation) Unknown 8-May-2007 Engarde Secure Linux Unknown 8-May-2007 F5 Networks, Inc. Unknown 8-May-2007 Fedora Project Unknown 8-May-2007 FreeBSD, Inc. Unknown 8-May-2007 Fujitsu Unknown 8-May-2007 Gentoo Linux Vulnerable 16-May-2007 Hewlett-Packard Company Unknown 8-May-2007 Hitachi Unknown 8-May-2007 IBM Corporation Unknown 8-May-2007 IBM Corporation (zseries) Unknown 8-May-2007 IBM eServer Unknown 23-May-2007 Immunix Communications, Inc. Unknown 8-May-2007 Ingrian Networks, Inc. Unknown 8-May-2007 Juniper Networks, Inc. Unknown 8-May-2007 libpng Vulnerable 16-May-2007 Mandriva, Inc. Unknown 8-May-2007 Microsoft Corporation Unknown 8-May-2007 MontaVista Software, Inc. Unknown 8-May-2007 Mozilla Unknown 8-May-2007 NEC Corporation Unknown 8-May-2007 NetBSD Unknown 8-May-2007 Nokia Unknown 8-May-2007 Novell, Inc. Unknown 8-May-2007 OpenBSD Unknown 8-May-2007 Openwall GNU/*/Linux Unknown 8-May-2007 QNX, Software Systems, Inc. Unknown 8-May-2007 Red Hat, Inc. Vulnerable 18-May-2007 Silicon Graphics, Inc. Unknown 8-May-2007 Slackware Linux Inc. Unknown 8-May-2007 Sony Corporation Unknown 8-May-2007 Sun Microsystems, Inc. Unknown 8-May-2007 SUSE Linux Unknown 8-May-2007 The SCO Group Unknown 8-May-2007 Trustix Secure Linux Unknown 8-May-2007 Turbolinux Unknown 8-May-2007 Ubuntu Unknown 8-May-2007 Unisys Unknown 8-May-2007 Wind River Systems, Inc. Unknown 8-May-2007 References http://sourceforge.net/project/showfiles.php?group_idV24 http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/l/li/libpng/libpng-1.2.17-ADVISORY.txt http://secunia.com/advisories/25292/ Credit Thanks to the libpng team for information that was used in this report. This document was written by Ryan Giobbi. Other Information Date Public 05/16/2007 Date First Published 05/16/2007 01:46:37 PM Date Last Updated 05/23/2007 CERT Advisory CVE Name CVE-2007-2445 Metric 3.86 Document Revision 15 If you have feedback, comments, or additional information about this vulnerability, please send us email. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.urec.fr/securite http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 151 bd de l'Hopital | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================