[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[linux-security] libpng buffer overflow



Topic
=====
buffer overflow in PNG library

Problem description
===================
The libpng package contains a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files. PNG
is a bit-mapped graphics format similar to the GIF format.

Versions 1.0.x and 1.2.y of libpng prior to 1.0.14 and 1.2.4 contain a
buffer overflow in the progressive reader when the PNG datastream contains
more IDAT data than indicated by the IHDR chunk.  Such deliberately malformed
datastreams would crash applications that are linked to libpng and that use
the progressive reading feature. Mozilla is such an application.

Potentially, this vulnerability could also allow an attacker to execute
aribitrary code. Since libpng is used by many programs, particularly
web browsers, upgrading to a fixed version is strongly advised.

As long as your Linux distribution uses a shared libpng library
(libpng.so instead of libpng.a) it is sufficient to upgrade the library
only. After the upgrade you should restart all applications that 
use libpng and are currently running. You can obtain a list of such
programs by running "fuser -v /usr/lib/libpng.so" (assuming that
your libpng.so is located in /usr/lib).

Affected Systems
================
all systems that use a version of libpng before 1.0.x, x < 14
and 1.2.y, y < 4.

Not Affected
============
Debian 2.2 (potato)

Solution
========
upgrade to version 1.0.14 or 1.2.4 (or patched version for your
distribution)

RedHat 6.x
----------
rpm -Fvh libpng-1.0.14-0.6x.3.i386.rpm libpng-devel-1.0.14-0.6x.3.i386.rpm

RedHat 7.0
----------
rpm -Fvh libpng-1.0.14-0.70.1.i386.rpm libpng-devel-1.0.14-0.70.1.i386.rpm

RedHat 7.1, 7.2, 7.3
--------------------
rpm -Fvh libpng-1.0.14-0.7x.3.i386.rpm libpng-devel-1.0.14-0.7x.3.i386.rpm

Mandrake 7.1
------------
rpm -Fvh libpng-1.0.5-2.1mdk.i586.rpm libpng-devel-1.0.5-2.1mdk.i586.rpm

Mandrake 7.2
------------
rpm -Fvh libpng-1.0.8-2.1mdk.i586.rpm libpng-devel-1.0.8-2.1mdk.i586.rpm

Mandrake 8.0
------------
rpm -Fvh libpng2-1.0.9-1.1mdk.i586.rpm libpng2-devel-1.0.9-1.1mdk.i586.rpm

Mandrake 8.1
------------
rpm -Fvh libpng2-1.0.12-2.1mdk.i586.rpm libpng2-devel-1.0.12-2.1mdk.i586.rpm

Mandrake 8.2
------------
rpm -Fvh libpng3-1.2.4-3.1mdk.i586.rpm \
         libpng3-devel-1.2.4-3.1mdk.i586.rpm \
         libpng3-static-devel-1.2.4-3.1mdk.i586.rpm

Debian 3.0 (woody)
------------------
upgrade to libpng3_1.2.1-1.1.woody.2_i386.deb,
           libpng-dev_1.2.1-1.1.woody.2_i386.deb,
           libpng2_1.0.12-3.woody.2_i386.deb,
           libpng2-dev_1.0.12-3.woody.2_i386.deb