Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

The Bat! libpng bo?
From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Thu, 4 Nov 2004 18:54:39 +0300

Dear full-disclosure () lists netsys com,

  It  looks  like  The  Bat!  uses  libpng  1.0.5  and zlib 1.1.3 and is
  vulnerable  to very old buffer overflow and double free bugs. At least
  it catches exception on http://www.security.nnov.ru/files/libpngbo.png
  and  thread  is  silently closed... There is no any visual effect, but
  you can see it in debugger. The rest of The Bat! is written in Delphi.

  Can  anyone  confirm  if  this  is  exploitable  (I know nothing about
  Borland compilers)?

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
                    |/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
  • The Bat! libpng bo? 3APA3A (Nov 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]