DV Hardware - bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!
   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
DarkVision Hardware - Daily tech news
May 21, 2019 
Main Menu
News archives

Who's Online
There are currently 76 people online.


Latest Reviews
Ewin Racing Flash gaming chair
Arctic BioniX F120 and F140 fans
Jaybird Freedom 2 wireless sport headphones
Ewin Racing Champion gaming chair
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset

Follow us

Critical security flaw discovered in PNG graphics library

Posted on Monday, November 16 2015 @ 13:24:47 CET by

Security researchers have discovered a critical security bug in the graphics processing library libpng. The bug enables attackers to trigger a buffer overflow via a manipulated PNG image file, and potentially allows all kinds of nasty stuff to happen. Various implementations of the libpng library are used across many platforms and are used by many applications including browsers, file browsers, music players, app stores, etc. Patches for the libpng library are available but it will likely take some time for software developers have updated every vulnerable application.
Libpng's custodian Glenn Randers-Pehrson asked for the CVE for the bug here. He writes:

“I request a CVE for a vulnerability in libpng, all versions, in the png_set_PLTE/png_get_PLTE functions. These functions failed to check for an out-of-range palette when reading or writing PNG files with a bit_depth less than 8. Some applications might read the bit depth from the IHDR chunk and allocate memory for a 2^N entry palette, while libpng can return a palette with up to 256 entries even when the bit depth is less than 8.

“libpng versions 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64 were released today (12 November 2015) to fix this vulnerability. See libpng.sourceforge.net”.
Via: The Register



DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2019 DM Media Group bvba