FreeBSD : png -- libpng decompression denial of service (4fb5d2cd-4c77-11df-83fb-0015587e2cc1)
High Nessus Plugin ID 45584
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
A vulnerability in libpng can result in denial of service conditions when a remote attacker tricks a victim into opening a specially crafted PNG file.
The PNG project describes the problem in an advisory:
Because of the efficient compression method used in Portable Network Graphics (PNG) files, a small PNG file can expand tremendously, acting as a 'decompression bomb'.
Malformed PNG chunks can consume a large amount of CPU and wall-clock time and large amounts of memory, up to all memory available on a system.
Solution
Update the affected package.
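The expansion described in the advisory can be bounded before a file reaches a decoder. The following is an added example, not code from the plugin or the PNG project: it inflates the zlib data in IDAT, zTXt and iCCP chunks under a hard output cap. The 1 MiB default limit, the function names and the sample file are assumptions constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def chunks(data):
    """Yield (type, payload) for every chunk after the PNG signature."""
    if data[:8] != PNG_SIG:
        raise ValueError("not a PNG")
    pos = 8
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        yield ctype, data[pos + 8:pos + 8 + length]
        pos += 8 + length + 4  # length/type header, payload, CRC

def inflates_past(stream, limit):
    """True if the zlib stream yields more than `limit` bytes; stops there."""
    d = zlib.decompressobj()
    out, buf = 0, stream
    while buf and not d.eof:
        # max_length caps each call, so memory use never exceeds limit + 1
        out += len(d.decompress(buf, limit + 1 - out))
        if out > limit:
            return True
        buf = d.unconsumed_tail
    return False

def oversized_chunks(data, limit=1 << 20):
    """Return chunk types whose compressed data inflates beyond `limit`."""
    flagged, idat = [], b""
    for ctype, body in chunks(data):
        if ctype == b"IDAT":
            idat += body  # all IDAT payloads form one zlib stream
        elif ctype in (b"zTXt", b"iCCP"):
            # layout: keyword, NUL, 1-byte compression method, zlib stream
            _, sep, rest = body.partition(b"\x00")
            if sep and inflates_past(rest[1:], limit):
                flagged.append(ctype.decode())
    if idat and inflates_past(idat, limit):
        flagged.append("IDAT")
    return flagged

def make_chunk(ctype, body):
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

# Constructed sample: 1x1 grayscale image whose zTXt chunk inflates to 4 MiB
SAMPLE = PNG_SIG + b"".join(make_chunk(t, b) for t, b in [
    (b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)),
    (b"zTXt", b"Comment\x00\x00" + zlib.compress(bytes(4 << 20))),
    (b"IDAT", zlib.compress(b"\x00\x00")), (b"IEND", b"")])
```

A corrupt zlib stream raises `zlib.error`, which a caller can treat as a reason to reject the file.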