# CVE-2010-1205: buffer overflow vulnerability in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3
==INFO==
Sample exploit using CVE-2010-1205 vulnerability in libpng (<=1.4.2)

gregbook - set of sample programs distributed with libpng sources
generate - generates malicious png file which triggers heap-overflow while reading the file with libpng

Steps to reproduce:

    ./build.sh                   # build all libraries and executables. gregbook/rpng2-x is linked against libpng-1.4.2 (buggy)
    ./generate/build/generate    # generates xploit.png - malformed png file
    cd gregbook/
    ./rpng2-x ../xploit.png      # run example which shows how to use libpng to display png file. Ends with Segmentation fault.

Steps to run with fixed libpng version (1.4.3):

In gregbook/Makefile edit line 33:

    PNGDIR = ../libpng-1.4.3

In gregbook directory run:

    make clean && make
    ./rpng2-x ../xploit.png      # opens window with the png file
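To check whether an installed or vendored libpng falls in the affected ranges given in the title, the following added example (not part of the original README or of libpng) classifies a version string. The function name and the "unknown" verdict for pre-release builds of 1.2.44 and 1.4.3 are assumptions of this example, since the page does not say whether those builds carry the fix.

```shell
#!/bin/sh
# Added example: classify a libpng version against the ranges in the page title
# (before 1.2.44, and 1.4.x before 1.4.3). The function name is hypothetical.
# Typical input: libpng_cve_2010_1205_status "$(libpng-config --version)"

# Prints "affected", "not-affected" or "unknown".
libpng_cve_2010_1205_status() {
    # Split "1.2.43beta01" into "1 2 43 beta01"; anything else yields an empty string.
    parsed=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\)\.\([0-9][0-9]*\)\.\([0-9][0-9]*\)\([A-Za-z0-9]*\)$/\1 \2 \3 \4/p')
    [ -n "$parsed" ] || { echo unknown; return 0; }
    set -- $parsed
    major=$1 minor=$2 patch=$3 suffix=${4:-}

    # Assumption: a pre-release of the first fixed release (e.g. 1.4.3beta01)
    # is reported as unknown rather than guessed at.
    if [ -n "$suffix" ]; then
        case "$major.$minor.$patch" in
            1.2.44|1.4.3) echo unknown; return 0 ;;
        esac
    fi

    if [ "$major" -lt 1 ]; then echo affected
    elif [ "$major" -gt 1 ]; then echo not-affected
    elif [ "$minor" -lt 2 ]; then echo affected
    elif [ "$minor" -eq 2 ]; then
        if [ "$patch" -lt 44 ]; then echo affected; else echo not-affected; fi
    elif [ "$minor" -eq 3 ]; then echo unknown   # 1.3.x is in neither range of the title
    elif [ "$minor" -eq 4 ]; then
        if [ "$patch" -lt 3 ]; then echo affected; else echo not-affected; fi
    else echo not-affected
    fi
}

# Constructed sample versions, including the two the README builds against.
for v in 1.4.2 1.4.3 1.2.43 1.2.44 1.4.3beta01 1.0.9; do
    printf '%-12s %s\n' "$v" "$(libpng_cve_2010_1205_status "$v")"
done
```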
==EXP==
https://github.com/JustYoomoon/Exploit/blob/main/CVE-2010-1205.zip