[nycphp-talk] FW: Vulnerability in PNG image format (Linux / OSX)
Hans Zaunere
hans at nyphp.com
Thu Aug 5 14:27:47 EDT 2004
FYI
> The US-CERT announced a vulnerability in libpng, the library that
> handles processing for PNG images in many unix-like operating systems.
> PNG is a fairly popular image file format which is equivalent to GIF,
> and found on many web sites and in some email messages.
>
> The US-CERT says:
>
> "A remote attacker could cause an application to crash or potentially
> execute arbitrary code by convincing a victim user to visit a
malicious
> web site or view an email message containing a malformed image."
>
> At this time Linux and Apple OSX appear to be vulnerable, as do the
> Mozilla suite of web browsers and email clients. RedHat has issued a
> patch along with some other Linux vendors, but Apple has not yet
> released a patch. Be sure to check for updates in the coming hours
and
> days until this issue is resolved.
>
> For more details about this vulnerability read the US-CERT's advisory:
>
> http://www.us-cert.gov/cas/techalerts/TA04-217A.html
More information about the talk
mailing list