Image flaw pierces PC security

[Gary Stoneburner <gary.stoneburner@nist.gov>]

re:
http://zdnet.com.com/2100-1105_2-5298999.html

"The security issues appear in a library supporting the portable
network graphics (PNG) format, used widely by programs such as the
Mozilla and Opera browsers and various e-mail clients. The most critical
issue, a memory problem known as a buffer overflow, could allow specially
created PNG graphics to execute a malicious program when the application
loads the image. "

"Among the programs that use libPNG and are likely to be affected by
the flaws are the Mail application on Apple Computer's Mac OS X, the
Opera and Internet Explorer browsers on Windows, and the Mozilla and
Netscape browsers on Solaris, according to independent security
researcher Chris Evans, who discovered the issues."

"The Mozilla Foundation, the group that manages development of the
Mozilla and Firefox browsers and the Thunderbird e-mail client, patched
the flaws Wednesday, the same day news of the vulnerabilities was made
public. Microsoft continues to study the issue, a representative of the
software giant said late Thursday. "

Another, non-security program resulting in a security issue 
:-).

Cheers,
Gary

**************************************************************************
* Opinions expressed are not intended to reflect an official position
**************************************************************************
* Gary Stoneburner
* Computer Security Division, National Institute of Standards & Technology
* 100 Bureau Drive, Stop 8930, Gaithersburg, MD 20899-8930         
* Phone: 301-975-5394, FAX: 301-948-0279, Email: Stoneburner@nist.gov
* http://csrc.nist.gov/staff/stoneburner/gshome.html
**************************************************************************