The code to handle PNG files is a serious vulnerability. The problem that has been identified in libpng, the PNG library is used in a lot of software.
The leak was reported Friday by Glenn Randers-Pehrson. Thanks png files with manipulated image headers hackers are able to create a buffer overflow and allow applications to crash. An attacker could also execute malicious code when a successful attack.
A complicating factor is that many programs use the libpng library to display png files or save. They include the most web browsers, Android, image viewers, media players and virtually all Office programs.
Updates
It is expected that in the very short term already widespread abuse will be made of the leak. The libpng version 1.6.19, 5.1.24, 1.4.17, 1.2.54 and 1.0.64 which were released last week, are no longer vulnerable. These versions can be downloaded via libpng.sourceforge.net.
No comments:
Post a Comment