Vulnerability information for CVE-2010-0205

1. Vulnerability description
From NVD
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
From 神龙GPT (AIGC)
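In libpng versions before 1.0.53, before 1.2.43, and before 1.4.1, the png_decompress_chunk function in pngrutil.c does not properly handle compressed ancillary data that has a disproportionately large uncompressed representation. This allows a remote attacker to cause a denial of service (memory and CPU consumption, application hang) by creating a malicious PNG file (for example, many occurrences of the same character, related to a "compression bomb" attack). This can be demonstrated by using the deflate compression method on data containing many occurrences of the same character.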
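The mitigation for this class of bug is to cap how much output a compressed ancillary chunk may inflate to. The following is an added example, not libpng's code or its patch: it parses a zTXt chunk body (keyword, null separator, compression-method byte, zlib stream) and inflates it under a limit. The function names and the 1 MiB cap are assumptions chosen for illustration, and the sample chunks are constructed inline.

```python
import zlib

MAX_TEXT_BYTES = 1 << 20  # assumed policy cap (1 MiB) on inflated ancillary data


class ChunkTooLarge(ValueError):
    """Inflated ancillary data would exceed the configured cap."""


def inflate_bounded(compressed: bytes, limit: int = MAX_TEXT_BYTES) -> bytes:
    """Inflate a zlib stream, never materialising more than limit + 1 bytes."""
    d = zlib.decompressobj()
    # Ask for one byte more than allowed: receiving it proves the stream
    # expands past the cap without inflating the rest of it.
    out = d.decompress(compressed, limit + 1)
    if len(out) > limit:
        raise ChunkTooLarge(f"inflated size exceeds {limit} bytes")
    if not d.eof:
        raise ValueError("truncated zlib stream")
    return out


def parse_ztxt(data: bytes, limit: int = MAX_TEXT_BYTES):
    """Parse a zTXt chunk body and return (keyword, inflated text)."""
    keyword, sep, rest = data.partition(b"\x00")
    if not sep or not 1 <= len(keyword) <= 79 or not rest:
        raise ValueError("malformed zTXt chunk")
    if rest[0] != 0:  # 0 is the only defined method (deflate)
        raise ValueError("unknown compression method")
    return keyword.decode("latin-1"), inflate_bounded(rest[1:], limit)


def make_ztxt(keyword: bytes, text: bytes) -> bytes:
    """Build a constructed zTXt chunk body for the demonstration."""
    return keyword + b"\x00\x00" + zlib.compress(text, 9)


if __name__ == "__main__":
    # Constructed samples: a normal comment and a highly repetitive payload.
    samples = {
        "benign": make_ztxt(b"Comment", b"hello"),
        "repetitive": make_ztxt(b"Comment", b"A" * (8 << 20)),
    }
    for name, body in samples.items():
        try:
            key, text = parse_ztxt(body)
            print(name, len(body), "->", len(text), "bytes, accepted")
        except ChunkTooLarge as exc:
            print(name, len(body), "bytes on disk, rejected:", exc)
```
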
2. Vulnerability score (CVSS)
From NVD
NVD has no score yet
From 神龙GPT (AIGC)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
3. Vulnerability category
From NVD
NVD has no vulnerability category information yet
From 神龙GPT (AIGC)
神龙GPT has no vulnerability category information yet (please be patient)