Developers plug critical PNG graphic bug
Potential problem nipped in the bud
Posted in Developer, 29th June 2010 09:49 GMT
Developers have plugged a critical hole in a PNG reference library used by many browsers to render graphics files.
The 1.2.44 and 1.4.3 updates to the libpng open source reference library address a bug that, left unfixed, created a mechanism for hackers to inject code onto vulnerable systems.
Older versions of the Portable Network Graphics (PNG) format library contained a buffer overflow-style flaw.
The bug was discovered by developers at Mozilla. It's unclear which browsers supported the vulnerable library files.
Previous problems involving the rendering of PNG files have spawned drive-by download attacks, so the resolution of the latest problem at an early stage is to be welcomed.
In related news, developers also fixed a similar flaw in the libtiff library. Version 3.9.4 of the libtiff library plugs a buffer overflow bug that might be abused by specially crafted SubjectDistance tags, H Security reports. ®
