Info

Disclosure

Aug 04, 2004

Discovery

Unknown

Dates

Exploit

Aug 04, 2004

Solution

Unknown

Description

A remote overflow exists in libpng. The library function png_handle_tRNS fails to perform a length check on PNG images resulting in a buffer overflow. With a specially crafted PNG file, an attacker can cause the execution of code resulting in a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: OSVDB Verified

Solution

Upgrade to version 1.2.6 release candidate 1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. Users of the older 1.0 series should upgrade to libpng-1.0.16 release candidate 1 or higher.

Products

PNG Development Group	libpng	1.0.15
		1.2.5

ImageMagick Studio LLC

ImageMagick

6.0.0-2

GraphicsMagick Group

GraphicsMagick

1.1.2

Microsoft Corporation	MSN Messenger	5.0
		6.1
		6.2

References

Security Tracker: 1010854
ISS X-Force ID: 10925 19252
Secunia Advisory ID: 12219 12220 12221 12222 12223 12232 12234 12240 12248 12249 12283 12354 12810 13291 13341 15432 17645 22957 22958
CVE ID: 2004-0597 (see also: NVD)
CERT VU: 388984 817368
Milw0rm: 389 393
Exploit Database: 389 393
SCIP VulDB ID: 779
Related OSVDB ID: 8312 8313 8314 8315 8316
Microsoft Knowledge Base Article: 890261
Vendor Specific Advisory URL: ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://bugzilla.mozilla.org/show_bug.cgi?id=251381
http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000564
http://docs.info.apple.com/article.html?artnum=61798
http://lists.debian.org/debian-security-announce/debian-security-announce-2004/msg00139.html
http://www.gentoo.org/security/en/glsa/glsa-200408-03.xml
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:079
http://www.mandriva.com/security/advisories?name=MDKSA-2006:212
http://www.mandriva.com/security/advisories?name=MDKSA-2006:213
http://www.redhat.com/archives/fedora-announce-list/2004-August/msg00005.html
http://www.redhat.com/archives/fedora-announce-list/2004-August/msg00006.html
http://www.suse.de/de/security/2004_23_libpng.html
Other Advisory URL: ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.16/SCOSA-2004.16.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.25/SCOSA-2005.25.txt http://scary.beasts.org/security/CESA-2004-001.txt
http://security.gentoo.org/glsa/glsa-200408-22.xml
http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57617
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57683-1
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:082
http://www4.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTU01063
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-08/0026.html
http://archives.neohapsis.com/archives/bugtraq/2005-02/0034.html
Vendor URL: http://www.imagemagick.org/
Microsoft Security Bulletin: MS05-009
CIAC Advisory: o-192
RedHat RHSA: RHSA-2004-421 RHSA-2004:402-08
Keyword: SCOSA-2005.49
US-CERT Cyber Security Alert: TA04-217A

Credit

Chris Evans - chrisscary.beasts.org -

Direct URL: http://osvdb.org/8326

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

PNG Development Group

libpng

ImageMagick Studio LLC

ImageMagick

GraphicsMagick Group

GraphicsMagick

Microsoft Corporation

MSN Messenger

References

Credit