FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

png -- DoS crash vulnerability

Affected packages
png < 1.2.17

Details

VuXML ID 4cb9c513-03ef-11dc-a51d-0019b95d4f14
Discovery 2007-05-15
Entry 2007-05-16

A Libpng Security Advisory reports:

A grayscale PNG image with a malformed (bad CRC) tRNS chunk will crash some libpng applications.

This vulnerability could be used to crash a browser when a user tries to view such a malformed PNG file. It is not known whether the vulnerability could be exploited otherwise.
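A defender-side check for the condition the advisory describes, as an added example that is not part of the libpng advisory or the VuXML entry: it walks a PNG's chunks and flags a tRNS chunk whose stored CRC does not match in a grayscale (colour type 0) image. The function names and the sample bytes are constructed for illustration; the sample carries no IDAT chunk and is not a renderable image.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"

def iter_chunks(data):
    """Yield (chunk_type, body, crc_ok) for each chunk in a PNG byte string."""
    if data[:8] != PNG_SIGNATURE:
        raise ValueError("not a PNG file")
    pos = 8
    while pos < len(data):
        if pos + 8 > len(data):
            raise ValueError("truncated chunk header")
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length
        if end + 4 > len(data):
            raise ValueError("truncated chunk")
        body = data[pos + 8:end]
        (stored,) = struct.unpack(">I", data[end:end + 4])
        # The PNG CRC covers the chunk type and data, not the length field.
        yield ctype, body, stored == (zlib.crc32(ctype + body) & 0xFFFFFFFF)
        pos = end + 4

def grayscale_trns_crc_mismatch(data):
    """True if a colour-type-0 image carries a tRNS chunk with a bad CRC."""
    color_type = None
    for ctype, body, crc_ok in iter_chunks(data):
        if ctype == b"IHDR" and len(body) == 13:
            color_type = body[9]  # byte 9 of IHDR is the colour type
        elif ctype == b"tRNS" and color_type == 0 and not crc_ok:
            return True
        elif ctype == b"IEND":
            break
    return False

def make_chunk(ctype, body, crc_xor=0):
    """Constructed test helper: serialise one chunk, optionally spoiling its CRC."""
    crc = (zlib.crc32(ctype + body) & 0xFFFFFFFF) ^ crc_xor
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def sample(color_type, crc_xor):
    """Constructed chunk sequence (IHDR, tRNS, IEND); no IDAT, not renderable."""
    ihdr = struct.pack(">IIBBBBB", 1, 1, 8, color_type, 0, 0, 0)
    return (PNG_SIGNATURE + make_chunk(b"IHDR", ihdr)
            + make_chunk(b"tRNS", b"\x00\x00", crc_xor) + make_chunk(b"IEND", b""))

if __name__ == "__main__":
    print(grayscale_trns_crc_mismatch(sample(0, 1)))  # spoiled tRNS CRC
    print(grayscale_trns_crc_mismatch(sample(0, 0)))  # intact tRNS CRC
```

Such a check can run on uploaded or cached images before they reach an application linked against png < 1.2.17; it only identifies the malformed chunk and does not replace upgrading the package.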

References

CERT/CC Vulnerability Note 684664
CVE Name CVE-2007-2445
URL http://www.mirrorservice.org/sites/download.sourceforge.net/pub/sourceforge/l/li/libpng/libpng-1.2.17-ADVISORY.txt