pngcheck

pngcheck verifies the integrity of PNG, JNG and MNG files (by checking the internal 32-bit CRCs, a.k.a. checksums, and decompressing the image data); it can optionally dump almost all of the chunk-level information in the image in human-readable form. For example, it can be used to print the basic statistics about an image (dimensions, bit depth, etc.); to list the color and transparency info in its palette (assuming it has one); or to extract the embedded text annotations. This is a command-line program with batch capabilities.

Here's some sample output (screen shots, eh?):

    % pngcheck -cvt ArcTriomphe-iCCP-red-blue-swap.png
    File: ArcTriomphe-iCCP-red-blue-swap.png (5171 bytes)
      chunk IHDR at offset 0x0000c, length 13
        64 x 64 image, 8-bit colormap, non-interlaced
      chunk iCCP at offset 0x00025, length 461
        profile name = Swapped red & blue channel
        compression method = 0 (deflate), compressed profile = 433 bytes
      chunk PLTE at offset 0x001fe, length 759: 253 palette entries
      chunk IDAT at offset 0x00501, length 3616
        zlib: deflated, 32K window, default compression
      chunk tEXt at offset 0x0132d, length 68, keyword: Title
        PNG color-correction test image, swapped red and blue channels
      chunk tEXt at offset 0x0137d, length 143, keyword: Copyright
        Copyright 2005 Greg Roelofs. Licensed under Creative Commons
        AttributionNonCommercial, http://creativecommons.org/licenses/by-nc/2.5/
      chunk tIME at offset 0x01418, length 7: 16 Aug 2005 07:07:07 GMT
      chunk IEND at offset 0x0142b, length 0
    No errors detected in ArcTriomphe-iCCP-red-blue-swap.png (8 chunks, -26.2% compression).

    % pngcheck -c *.png
    OK: 000000.png (48x48, 1-bit grayscale, non-interlaced, 71.2%).
    OK: 000033.png (48x48, 1-bit colormap, non-interlaced, 66.0%).
    OK: 000066.png (48x48, 1-bit colormap, non-interlaced, 66.0%).
    OK: 000099.png (48x48, 1-bit colormap, non-interlaced, 66.0%).
     [...]
    OK: ffff66.png (48x48, 1-bit colormap, non-interlaced, 66.0%).
    OK: ffff99.png (48x48, 1-bit colormap, non-interlaced, 66.0%).
    OK: ffffcc.png (48x48, 1-bit colormap, non-interlaced, 66.0%).
    OK: ffffff.png (48x48, 1-bit grayscale, non-interlaced, 70.1%).
    ataylor-bad-text-length.png  illegal (unless recently approved) unknown, public chunk xORk
    ERROR: ataylor-bad-text-length.png
    google-island-96x69.png  zlib: inflate error = -3 (data error)
    ERROR: google-island-96x69.png

    Errors were detected in 2 of the 218 files tested.
    No errors were detected in 216 of the 218 files tested.

Vulnerability Warning

pngcheck versions 3.0.2 and earlier have a divide-by-zero bug when zlib-decoding interlaced PNGs with extra data beyond what is required for the declared image dimensions. This bug is fixed in version 3.0.3, released on 25 April 2021. Again, while all known vulnerabilities are fixed in this version, the code is quite crufty, so it would be safest to assume there are still some problems hidden in there. As always, use at your own risk.

The current release supports all PNG, MNG and JNG chunks, including the newer sTER (stereo layout) and eXIf (EXIF metadata) chunks. It correctly reports errors in all but two of the images in Chris Nokleberg's brokensuite-20061204. Also included (since version 2.1.0) are two helper utilities:

The extra utilities are licensed under the GNU General Public License (GPL); pngcheck itself remains under its original, MIT/X11-style license.

Current version: 3.0.3
Authors: Alexander Lehmann, Andreas Dilger, Greg Roelofs
License: Open Source
Platforms: Unix, DOS, OS/2, Windows, Macintosh, Amiga, etc.
README: local web site
http://www.libpng.org/pub/png/src/
ChangeLog: local web site
http://www.libpng.org/pub/png/src/
Binaries:
operating system
platform
version(s) at last check
Win32 (.zip)
HP-UX
Linux (.rpm)

FreeBSD
Linux (.deb)

Mac OS X 10.2

x86,x86_64
PA-RISC
many

x86
many

PPC

 3.0.3
 3.0.3
 3.0.3-

 3.0.2
 3.0.2-

 1.99.3


(most of these are "unofficial" binaries compiled by third parties)
Source code: local web site (.tar.gz)
local web site (.zip)

SHA-256 checksums:

c36a4491634af751f7798ea421321642f9590faa032eccb0dd5fb4533609dee6  pngcheck-3.0.3.tar.gz
13135c2cedff3083574b79856d7c2604b9487af0dcb8067f32ddf526ed395107  pngcheck-3.0.3.zip
Supporting libraries: zlib
Related software: PNG file chunk inspector - PNG file integrity checker and chunk dissector
pngmeta - PNG meta-information extractor


Security and Crash Bugs in Older Versions

Vulnerability Warning

pngcheck versions 3.0.1 and earlier have a buffer-overrun bug related to the MNG LOOP chunk (which gets noticed even in PNG files if the -s option is used). This bug is fixed in version 3.0.2, released on 31 January 2021. Again, while all known vulnerabilities are fixed in this version, the code is quite crufty, so it would be safest to assume there are still some problems hidden in there. As always, use at your own risk.

Vulnerability Warning

pngcheck versions 3.0.0 and earlier have a pair of buffer-overrun bugs related to the sPLT and PPLT chunks (the latter is a MNG-only chunk, but it gets noticed even in PNG files if the -s option is used). Both bugs are fixed in version 3.0.1, released on 24 January 2021. Again, while all known vulnerabilities are fixed in this version, the code is quite crufty, so it would be safest to assume there are still some problems hidden in there. As always, use at your own risk.

Vulnerability Warning

pngcheck versions 2.4.0 and earlier have a number of buffer-overrun bugs, most (but not all) of which are related to the -f option ("force continued parsing after major errors"). As such, the option has been removed altogether in version 3.0.0 (which is the reason for the major-version bump), released on 12 December 2020. All known vulnerabilities are fixed in this version, but the code is pretty crufty, so it would be safest to assume there are still some problems hidden in there. As always, use at your own risk.



[primary site hosted by SourceForge.net] Last updated 22 August 2021.

Copyright © 2000-2021 Greg Roelofs.