Wireshark · Ethereal-dev: [Ethereal-dev] Fun with zlib double-freeing

Ethereal-dev: [Ethereal-dev] Fun with zlib double-freeing

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxx>

Date: Mon, 11 Mar 2002 13:15:24 -0800

	http://www.linuxsecurity.com/advisories/redhat_advisory-1963.html

"The zlib library provides in-memory compression/decompression
functions.  The library is widely used throughout Linux and other
operating systems.

While performing tests on the gdk-pixbuf library, Matthias Clasen
created an invalid PNG image that caused libpng to crash.  Upon further
investigation, this turned out to be a bug in zlib 1.1.3 where certain
types of input will cause zlib to free the same area of memory twice
(called a "double free").

This bug can be used to crash any program that takes untrusted
compressed input.  Web browsers or email programs that display image
attachments or other programs that uncompress data are particularly
affected.  This vulnerability makes it easy to perform various
denial-of-service attacks against such programs."

Follow-Ups:
- Re: [Ethereal-dev] Fun with zlib double-freeing
  - From: Guy Harris

Prev by Date: Re: [Ethereal-dev] [patch] "crash" in eapol
Next by Date: Re: [Ethereal-dev] Fun with zlib double-freeing
Previous by thread: Re: [Ethereal-dev] [patch] "crash" in eapol
Next by thread: Re: [Ethereal-dev] Fun with zlib double-freeing
Index(es):
- Date
- Thread