DV Hardware bringing you the hottest news about processors, graphics cards, Intel, AMD, NVIDIA, hardware and technology!

   Home | News submit | News Archives | Reviews | Articles | Howto's | Advertise
 
DarkVision Hardware - Daily tech news
August 22, 2017 
Main Menu
Home
Info
News archives
Articles
Howto
Reviews
 

Who's Online
There are currently 65 people online.

 

Latest Reviews
Zowie P-TF Rough mousepad
Zowie FK mouse
BitFenix Ronin case
Ozone Rage ST headset
Lamptron FC-10 SE fan controller
ZOWIE G-TF Rough mousepad
ROCCAT Isku FX gaming keyboard
Prolimatech Magnetic Pin
 

Follow us
RSS
 

Critical security flaw discovered in PNG graphics library

Posted on Monday, November 16 2015 @ 13:24:47 CET by


Security researchers have discovered a critical security bug in the graphics processing library libpng. The bug enables attackers to trigger a buffer overflow via a manipulated PNG image file, and potentially allows all kinds of nasty stuff to happen. Various implementations of the libpng library are used across many platforms and are used by many applications including browsers, file browsers, music players, app stores, etc. Patches for the libpng library are available but it will likely take some time for software developers have updated every vulnerable application.
Libpng's custodian Glenn Randers-Pehrson asked for the CVE for the bug here. He writes:

“I request a CVE for a vulnerability in libpng, all versions, in the png_set_PLTE/png_get_PLTE functions. These functions failed to check for an out-of-range palette when reading or writing PNG files with a bit_depth less than 8. Some applications might read the bit depth from the IHDR chunk and allocate memory for a 2^N entry palette, while libpng can return a palette with up to 256 entries even when the bit depth is less than 8.

“libpng versions 1.6.19, 1.5.24, 1.4.17, 1.2.54, and 1.0.64 were released today (12 November 2015) to fix this vulnerability. See libpng.sourceforge.net”.
Via: The Register



 



 

DV Hardware - Privacy statement
All logos and trademarks are property of their respective owner.
The comments are property of their posters, all the rest © 2002-2017 DM Media Group bvba