Full Disclosure mailing list archives

The Bat! libpng bo?


From: 3APA3A <3APA3A () SECURITY NNOV RU>
Date: Thu, 4 Nov 2004 18:54:39 +0300

Dear full-disclosure () lists netsys com,

  It looks like The Bat! uses libpng 1.0.5 and zlib 1.1.3 and is
  vulnerable to very old buffer overflow and double free bugs. At least
  it catches an exception on http://www.security.nnov.ru/files/libpngbo.png
  and the thread is silently closed... There is no visual effect, but
  you can see it in a debugger. The rest of The Bat! is written in Delphi.

  Can anyone confirm if this is exploitable (I know nothing about
  Borland compilers)?

-- 
http://www.security.nnov.ru
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
                    |/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

