Flaws in Graphics Library Could Bring Attacks
Multiple vulnerabilities in an open-source image format reportedly could allow an attacker to execute arbitrary code in the context of a user viewing a malicious PNG image.A researcher performing a source-code audit on a popular graphics library has found multiple security vulnerabilities in it that could be used to crash programs or execute attack code. The PNG library (libpng) is a collection of graphics routines to manipulate PNG (portable network graphics) files. PNG (Portable Networks Graphic) is a graphics format that was designed many years ago as an alternative to the still more popular GIF format. Click here to read about fixes from the Mozilla Foundation and Opera.
According to the advisory, released by the OpenPKG Project, there is "a stack-based buffer overflow in libpng which can be triggered to run arbitrary code by a malicious png file."