VU#236656 - libpng png_handle_iCCP() NULL pointer dereference

VU#236656 - libpng png_handle_iCCP() NULL pointer dereference
Notes
Report a Vulnerability
Disclosure Guidance
VINCE
Carnegie Mellon University
Software Engineering Institute
CERT Coordination Center
Notes
Report a Vulnerability
Disclosure Guidance
VINCE
libpng png_handle_iCCP() NULL pointer dereference
Vulnerability Note VU#236656
Original Release Date: 2004-08-04 | Last Revised: 2007-07-21
Overview
The Portable Network Graphics library (
libpng
) contains a remotely exploitable vulnerability that could cause affected applications to crash.
Description
The Portable Network Graphics (
PNG
) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format.
Under some circumstances, a null pointer may be dereferenced during a memory allocation in the
png_handle_iCCP()
function. As a result, a PNG file with particular characteristics could cause the affected application to crash. Similar errors are reported to exist in other locations within libpng.
Multiple applications support the PNG image format, including web browsers, email clients, and various graphic utilities. Because multiple products have used the libpng reference library to implement native PNG image processing, applications will be affected by this issue in different ways.
Impact
An attacker could cause a vulnerable application to crash by supplying a specially crafted PNG image. Vulnerable applications that read images from network sources could be exploited remotely.
Solution
Apply a patch from the vendor
Patches have been released to address this vulnerability. Please see the Systems Affected section of this document for more details.
Vendor Information
Expand all
Apple Computer, Inc.
Affected
Notified:  July 16, 2004
Updated: June 01, 2005
Status
Affected
Vendor Statement
APPLE-SA-2004-09-09 Mac OS X 10.3.5
Mac OS X 10.3.5 is now available and delivers security enhancements
for the following components:
Component: libpng (Portable Network Graphics)
CVE-IDs: CAN-2002-1363, CAN-2004-0421, CAN-2004-0597,
CAN-2004-0598, CAN-2004-0599
Impact: Malicious png images can cause application crashes and could
execute arbitrary code
Description: A number of buffer overflows, null pointer dereferences
and integer overflows have been discovered in the reference library
for reading and writing PNG images. These vulnerabilities have been
corrected in libpng which is used by the CoreGraphics and AppKit
frameworks in Mac OS X. After installing this update, applications
that use the PNG image format via these frameworks will be protected
against these flaws.
Note: The libpng security fixes are also available separately for Mac
OS X 10.3.4 and Mac OS X 10.2.8 via Security Update 2004-08-09.
Mac OS X 10.3.5 may be obtained from the Software Update
pane in System Preferences, or Apple's Software Downloads web site:
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Debian Linux
Affected
Notified:  July 16, 2004
Updated: August 20, 2004
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Gentoo
Affected
Updated:  August 20, 2004
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Hewlett-Packard Company
Affected
Notified:  July 16, 2004
Updated: August 20, 2004
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Mandriva, Inc.
Affected
Notified:  July 16, 2004
Updated: August 04, 2004
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
MandrakeSoft has published Mandrake Security Advisory
MDKSA-2004:079
in response to this issue. Users are encouraged to review this advisory and apply the patches it refers to.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Mandriva, Inc.
Affected
Notified:  July 16, 2004
Updated: August 20, 2004
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
MontaVista Software, Inc.
Affected
Notified:  July 16, 2004
Updated: August 04, 2004
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
OpenPKG
Affected
Updated:  August 20, 2004
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Red Hat, Inc.
Affected
Notified:  July 16, 2004
Updated: August 20, 2004
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
SUSE Linux
Affected
Notified:  July 16, 2004
Updated: August 04, 2004
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Slackware
Affected
Updated:  August 20, 2004
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Sun Microsystems, Inc.
Affected
Notified:  July 16, 2004
Updated: August 04, 2004
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Trustix Secure Linux
Affected
Updated:  August 20, 2004
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
libpng.org
Affected
Notified:  July 16, 2004
Updated: August 04, 2004
Status
Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
This issue has been resolved in libpng version
1.2.6rc1
(release candidate 1). An older version of libpng containing the backported fixes,
1.0.16rc1
, is also available.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Hitachi
Not Affected
Notified:  July 16, 2004
Updated: August 20, 2004
Status
Not Affected
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Juniper Networks, Inc.
Not Affected
Notified:  July 16, 2004
Updated: July 23, 2004
Status
Not Affected
Vendor Statement
Juniper Networks products are not susceptible to this vulnerability
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
NEC Corporation
Not Affected
Notified:  July 16, 2004
Updated: August 03, 2004
Status
Not Affected
Vendor Statement
sent on August 2, 2004
[Software Products]
* E-mail client software "WeMail"
(shareware developped by NEC Communication Systems,Ltd.)
- is NOT vulnerable.
It does not include any code originated from libPNG.
* We continue to try to investigate other products possibly affected
by these vulnerabilities.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Berkeley Software Design, Inc.
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Cray Inc.
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Engarde
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
FreeBSD, Inc.
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Fujitsu
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
IBM Corporation
Unknown
Notified:  July 16, 2004
Updated: August 04, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
IBM eServer
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
IBM-zSeries
Unknown
Notified:  July 16, 2004
Updated: August 20, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Immunix
Unknown
Notified:  July 16, 2004
Updated: August 04, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Ingrian Networks, Inc.
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Microsoft Corporation
Unknown
Notified:  July 16, 2004
Updated: August 04, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
NETBSD
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Nokia
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Novell, Inc.
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Openwall GNU/*/Linux
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
SCO
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
SGI
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Sequent Computer Systems, Inc.
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Sony Corporation
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
TurboLinux
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Unisys
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
Wind River Systems, Inc.
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
eMC Corporation
Unknown
Updated:  July 23, 2004
Status
Unknown
Vendor Statement
We have not received a statement from the vendor.
Vendor Information
The vendor has not provided us with any further information regarding this vulnerability.
Addendum
The CERT/CC has no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us
email
View all 40 vendors
View less vendors
CVSS Metrics
Group
Score
Vector
Base
Temporal
Environmental
References
Acknowledgements
Thanks to Chris Evans for reporting this vulnerability.
This document was written by Chad Dougherty and Damon Morda.
Other Information
CVE IDs:
CVE-2004-0598
Severity Metric:
1.05
Date Public:
2004-08-04
Date First Published:
2004-08-04
Date Last Updated:
2007-07-21 02:33 UTC
Document Revision:
17
About vulnerability notes
Contact us about this vulnerability
Provide a vendor statement
Sponsored by
CISA.
Download PGP Key
Read CERT/CC Blog
Learn about Vulnerability Analysis
Carnegie Mellon University
Software Engineering Institute
4500 Fifth Avenue
Pittsburgh, PA 15213-2612
412-268-5800
Office Locations
Additional Sites Directory
Legal
Privacy Notice
CMU Ethics Hotline
www.sei.cmu.edu
Contact SEI
Contact CERT/CC
412-268-5800
cert@cert.org