Developers plug critical PNG graphic bug
Potential problem nipped in the bud
Posted in Developer, 29th June 2010 09:49 GMT
Developers have plugged a critical hole in a PNG reference library used by many browsers to render graphics files.
The 1.2.44 and 1.4.3 updates to the libpng open source reference library address a bug that, left unfixed, created a mechanism for hackers to inject code onto vulnerable systems.
Older versions of the Portable Network Graphics (PNG) format library contained a buffer overflow-style flaw.
The bug was discovered by developers at Mozilla. It's unclear which browsers supported the vulnerable library files.
Previous problems involving the rendering of PNG files have spawned drive-by download attacks, so the resolution of the latest problem at an early stage is to be welcomed.
In related news, developers also fixed a similar flaw in the libtiff library. Version 3.9.4 of the libtiff library plugs a buffer overflow bug that might be abused by specially crafted SubjectDistance tags, H Security reports. ®
