Jump to content

Security Problem With Libpng Library


Miriam
 Share

Recommended Posts

Minor security package updates such as these are done transparently to end users.

 

Plus the level of exposure for a server that has this vulnerability is considerably low. First, it only allows execution of code as the user the process is running as, and it requires the ability for a user to introduce a malicious .png file to the server and get the server to process the file using the png libraries. This would generally only potentially apply if someone has something like an application that does png conversions from an untrusted source, such as allowing anyone to upload files.

 

This vulnerability is more of an issue for client machines that are using libpng (desktop linux, *bsd, etc...) as you could be targetted by websites hosting malicious .png files when you browse them.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...