Developers plug critical PNG graphic bug
Potential problem nipped in the bud
Developers have plugged a critical hole in a PNG reference library used by many browsers to render graphics files.
The 1.2.44 and 1.4.3 updates to the libpng open source reference library address a bug that, left unfixed, created a mechanism for hackers to inject code onto vulnerable systems.
Older versions of the Portable Network Graphics (PNG) format library contained a buffer overflow-style flaw.
The bug was discovered by developers at Mozilla. It's unclear which browsers supported the vulnerable library files.
Previous problems involving the rendering of PNG files have spawned drive-by download attacks, so the resolution of the latest problem at an early stage is to be welcomed.
In related news, developers also fixed a similar flaw in the libtiff library. Version 3.9.4 of the libtiff library plugs a buffer overflow bug that might be abused by specially crafted SubjectDistance tags, H Security reports. ®