Orange Business Services
Vigil@nce Vigil@nce Vigil@nce
we track for your security since 1999
 home presentation vulnerabilities documentation contact  
subscriber area subscriber area
free access free access
Vigil@nce team describes computer vulnerabilities impacting your systems, and offers solutions to correct them.
recent vulnerabilities recent vulnerabilities
tracked products tracked products
RSS feed RSS feed
vulnerability

vulnerability bulletin CVE-2010-0205

libpng: denial of service during the decompression

Synthesis of the vulnerability

An attacker can create an extremely compressed image, and invite the victim to open it with libpng, in order to generate a denial of service on his computer.
Severity: 2/4.
Creation date: 03/03/2010.

Description of the vulnerability

A PNG image can contain ancillary chunks:
 - zTXt : compressed text
 - iTXt : international text, which can be compressed
 - iCCP : name of the color correction profile, which can be compressed
 - etc.

When libpng analyzes a PNG image containing compressed chunks, the png_decompress_chunk() function does not enforce limits on the uncompressed size, nor on the used CPU resources. For example, a compressed zTXt chunk of 17 kb can be uncompressed to 5 Mb, and a compressed iCCP chunk of 50 kb can be uncompressed to 60 Mb.

An attacker can therefore create an extremely compressed image, and invite the victim to open it with libpng, in order to generate a denial of service on his computer.

Complete Vigil@nce bulletin

Access to the complete Vigil@nce bulletin

Characteristics

Title: libpng: denial of service during the decompression.
Keywords: CPU PNG decompression denial during iCCP iTXt libpng png_decompress_chunk service zTXt.
Identifiers: BID-38478, CVE-2010-0205, DSA-2032-1, FEDORA-2010-2988, FEDORA-2010-3375, FEDORA-2010-3414, FEDORA-2010-4616, FEDORA-2010-4673, FEDORA-2010-4683, MDVSA-2010:063, MDVSA-2010:064, RHSA-2010:0534-01, SUSE-SR:2010:011, SUSE-SR:2010:012, SUSE-SR:2010:013, VIGILANCE-VUL-9488, VU#576029.

Information sources

Publications and announces
Source example: Defending Libpng Applications Against Decompression Bombs

Solutions for this vulnerability

Patch or workaround

Computer vulnerabilities tracking service

The Vigil@nce computer vulnerability tracking service alerts your teams of vulnerabilities or threats impacting your information system.
The Vigil@nce vulnerability database contains several thousand vulnerabilities.
This bulletin is published by the Vigil@nce team, which tracks computer vulnerabilities impacting systems and applications.
Computer vulnerability database



















France Télécom Copyright 1999-2010 Vigil@nce. Vigil@nce is a service from Orange Business Services. Site map. Legal notice. Version française