VU#160448 - libpng integer overflow in image height processing

VU#160448 - libpng integer overflow in image height processing
Notes
Report a Vulnerability
Disclosure Guidance
VINCE
Carnegie Mellon University
Software Engineering Institute
CERT Coordination Center
Notes
Report a Vulnerability
Disclosure Guidance
VINCE
libpng integer overflow in image height processing
Vulnerability Note VU#160448
Original Release Date: 2004-08-04 | Last Revised: 2004-08-04
Overview
The Portable Network Graphics library (
libpng
) contains a remotely exploitable vulnerability which could cause affected applications to crash.
Description
The Portable Network Graphics (
PNG
) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format.
An integer overflow error exists in the handling of PNG image height within the
png_read_png()
function. As a result, a PNG image with excessive height may cause an integer overflow on a memory allocation and could cause the affected application to crash.
Multiple applications support the PNG image format including web browsers, email clients, and various graphic utilities. Because multiple products have used the libpng reference library to implement native PNG image processing, multiple applications will be affected by this issue in different ways.
Impact
An attacker could cause a vulnerable application to crash by supplying a specially-crafted PNG image. Vulnerable applications that read images from network sources could be exploited remotely.
Solution
Apply a patch from the vendor
Patches have been released to address this vulnerability. Please see the Systems Affected section of this document for more details.
Vendor Information
Expand all
Apple Computer Inc.
Affected
Notified:  July 16, 2004
Updated: August 04, 2004
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
MontaVista Software
Affected
Notified:  July 16, 2004
Updated: August 04, 2004
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
libpng.org
Affected
Notified:  July 16, 2004
Updated: August 04, 2004
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
This issue has been resolved in libpng version
1.2.6rc1
(release candidate 1). An older version of libpng containing the backported fixes,
1.0.16rc1
, is also available.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
IBM
Not Affected
Notified:  July 16, 2004
Updated: August 04, 2004
Status
Not Affected
Vendor Statement
The AIX Operating System is not vulnerable to the issues discussed in CERT Vulnerability Notes VU#817368, VU#236656, VU#477512, VU#160448 and VU#286464.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Juniper Networks
Not Affected
Notified:  July 16, 2004
Updated: July 23, 2004
Status
Not Affected
Vendor Statement
Juniper Networks products are not susceptible to this vulnerability
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
NEC Corporation
Not Affected
Notified:  July 16, 2004
Updated: August 03, 2004
Status
Not Affected
Vendor Statement
sent on August 2, 2004
[Software Products]
* E-mail client software "WeMail"
(shareware developped by NEC Communication Systems,Ltd.)
- is NOT vulnerable.
It does not include any code originated from libPNG.
* We continue to try to investigate other products possibly affected
by these vulnerabilities.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
BSDI
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Conectiva
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Cray Inc.
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Debian
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Engarde
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
FreeBSD
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Fujitsu
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Hewlett-Packard Company
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Hitachi
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
IBM eServer
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
IBM-zSeries
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
IMmunix
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Ingrian Networks
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
MandrakeSoft
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Microsoft Corporation
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
NETBSD
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Nokia
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Novell
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Openwall GNU/*/Linux
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Red Hat Inc.
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
SCO
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
SGI
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Sequent
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Sony Corporation
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
SuSE Inc.
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Sun Microsystems Inc.
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
TurboLinux
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Unisys
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Wind River Systems Inc.
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
eMC Corporation
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
View all 36 vendors
View less vendors
CVSS Metrics
Group
Score
Vector
Base
Temporal
Environmental
References
Acknowledgements
Thanks to Chris Evans for reporting this vulnerability.
This document was written by Chad Dougherty and Damon Morda.
Other Information
CVE IDs:
CVE-2004-0599
Severity Metric:
0.97
Date Public:
2004-08-04
Date First Published:
2004-08-04
Date Last Updated:
2004-08-04 15:59 UTC
Document Revision:
18
About vulnerability notes
Contact us about this vulnerability
Provide a vendor statement
Sponsored by
CISA.
Download PGP Key
Read CERT/CC Blog
Learn about Vulnerability Analysis
Carnegie Mellon University
Software Engineering Institute
4500 Fifth Avenue
Pittsburgh, PA 15213-2612
412-268-5800
Office Locations
Additional Sites Directory
Legal
Privacy Notice
CMU Ethics Hotline
www.sei.cmu.edu
Contact SEI
Contact CERT/CC
412-268-5800
cert@cert.org