GEN:SID 1:2673
Message WEB-CLIENT libpng tRNS overflow attempt
Summary This event is generated when an attempt is made to exploit a buffer overflow
associated with the processing of a Portable Network Graphics (PNG) file by
libpng.
Impact A successful attack may cause a buffer overflow and the subsequent execution
of arbitrary code on a vulnerable client host.
Detailed Information A vulnerability exists in the way libpng handles the transparency chunk of
a PNG file, enabling a buffer overflow and the subsequent execution of
abitrary code on a vulnerable client.  A PNG datastream consists of a PNG
marker followed by a sequence of chunks that have a specific format and
function.

When libpng processes a PNG datastream, it expects to find chunk types
in a particular order.  For an image with palette color type, the PLTE
(palette) chunk must precede a tRNS (transparency) chunk.  If it does not,
an error is generated, but decoding continues.  Due to a logic error,
the length associated with the tRNS chunk is not properly validated.  A
length of greater than 256 bytes can cause a buffer overflow and the
subsequent execution of arbitrary code when the PNG image is processed.
Affected Systems Hosts running libpng 1.2.5 and prior
Hosts running libpng 1.0.15 and prior
Attack Scenarios An attacker can create a malformed PNG file on a web server, entice a user
to download it, possibly causing a buffer overflow on a vulnerable client.
Ease of Attack Simple. Exploit code exists.
Corrective Action Upgrade to the latest non-affected version of the software.
Additional References  
Rule References bugtraq: 10872
cve: 2004-0597