FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

png -- DoS crash vulnerability

Affected packages
png < 1.2.17


VuXML ID 4cb9c513-03ef-11dc-a51d-0019b95d4f14
Discovery 2007-05-15
Entry 2007-05-16

A Libpng Security Advisory reports:

A grayscale PNG image with a malformed (bad CRC) tRNS chunk will crash some libpng applications.

This vulnerability could be used to crash a browser when a user tries to view such a malformed PNG file. It is not known whether the vulnerability could be exploited otherwise.


CERT/CC Vulnerability Note 684664
CVE Name CVE-2007-2445