vulnerability bulletin CVE-2014-0333
libpng: infinite loop of IDAT
Synthesis of the vulnerability
An attacker can create a malicious PNG image that causes an infinite loop when libpng parses IDAT, triggering a denial of service.
Impacted products: Fedora
BID-65776, CVE-2014-0333, FEDORA-2014-4564, FEDORA-2014-6631, MDVSA-2015:090, openSUSE-SU-2014:0358-1, VIGILANCE-VUL-14313, VU#684412.
Description of the vulnerability
The libpng library is used by several applications to decode or display PNG images.
The IDAT chunk of a PNG image contains the image data. However, if this chunk is empty, the png_push_read_chunk() function in pngpread.c keeps trying to read data indefinitely.
An attacker can therefore create a malicious PNG image that causes an infinite loop when libpng parses IDAT, triggering a denial of service.