Saturday, July 31, 2010

libpng <= 1.4.2 DoS

CVE-2010-1205 came out and I decided to play around with it for a bit, since the potential surface attack was huge. Although I couldn't manage to dedicate much time, I eventually published a PoC for it, for those who might wonder you can get it from the excellent Exploit Database.
Fell free to dig into the code, if you manage to get a full working exploit I would love to hear from you.