lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <Pine.LNX.4.10.10709251123170.9930-101000@linux.localnet>
Date: Tue, 25 Sep 2007 11:32:37 +0200 (CEST)
From: rocheml@...rack.com
To: bugtraq@...urityfocus.com
Subject: Possible Windows Explorer bad PNG file preview integer overflow
 handling

Hi folks,

Can anyone confirm that the attached PNG file is causing Explorer to eat
100% CPU, and if this is a known issue ?

(Currently tested with an up-to-date Windows XP and Windows Vista)

The probable cause is an integer overflow in the PNG chunk size handling,
which is 32-bit large, and which can cause a 32-bit counter to overflow
when specifically designed for (the attached file contains an tEXt chunk
which is 0xfffffff4 bytes large), leading to bypass size checking and
causing counters to go backward.

(Other applications handling PNG files might be affected)


Regards,
Xavier Roche



Download attachment "badlycrafted.png" of type "APPLICATION/octet-stream" (731 bytes)

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ