News Image flaw pierces PC security

Now pictures could be the perpetrators of attacks - and it looks like nobody's safe. This from News.com:

Six vulnerabilities in an open-source image format could allow intruders to compromise computers running Linux and may allow attacks against Windows PCs as well as Macs running OS X.

The security issues appear in a library supporting the portable network graphics (PNG) format, used widely by programs such as the Mozilla and Opera browsers and various e-mail clients. The most critical issue, a memory problem known as a buffer overflow, could allow specially created PNG graphics to execute a malicious program when the application loads the image.

Among the programs that use libPNG and are likely to be affected by the flaws are the Mail application on Apple Computer's Mac OS X, the Opera and Internet Explorer browsers on Windows, and the Mozilla and Netscape browsers on Solaris, according to independent security researcher Chris Evans, who discovered the issues. Apple and Microsoft could not immediately be reached for comment. Evans did not test every platform to check which vulnerabilities work, he said.

More here

What's next? Malicious Movies?

 

REF: See "Induce Act".

 

REF: See "Dodgy pr0n downloaded from kazaa"

 

I've known media player call up webpages from playing certain video files.

 

ROFLAMO

Cough... Winamp... Cough

A virus that spreads through MP3 files. Thats a scary idea.

 

bet MS released this to the press (because their crappy browser doesn't support PNGs)

 

lmao i can see bill gates running around on the streets with his little pres release shouting desperatly 'LOOK LOOK, THEY HAVE PROBLEMS TOO' 'COME BACK TO MICROSOFT, WE DONT EVEN SUPPORT PGN!!!'

 

Hang on, PNG? But everyone else is talking about Jpegs:

http://www.wired.com/news/infostructure/0,1377,64959,00.html?tw=wn_tophead_8
http://www.newsfactor.com/story.xht...Issues-Patch-for-Graphics-Flaw&story_id=26969
http://www.news24.com/News24/Technology/News/0,,2-13-1443_1589611,00.html

Edit:
Ah ok, I didn't realise the difference in dates of this thread and this thread:
http://forums.bit-tech.net/showthread.php?t=69582

 

It does support PNGs, it just does it badly. No alpha transparency, which is one of its best features!

 

the support doesn't really count in my opinion - as a demo, look at http://www.jazzle.co.uk/2005 (using IE of course)- grey block?! that's not supposed to be there! (I know there are work-arounds)

 

Microsoft needs to fix its PNG support, why they insist on ignoring the pleas of thousands of webmasters demanding full support is beyond me. It cannot be that hard to implement surely! They managed full GIF and JPEG support after all.

Maybe it's something to do with hating open software. PNG is an open format after all, no patents to worry about.