Inspection and Sanitization Guidance for Portable Network Graphic (PNG)

Abstract: The purpose of this document is to provide guidance for the development of a sanitization or analysis software tool for Portable Network Graphics (PNG) files. This document analyzes the various elements contained within PNG images and then discusses data attack, data disclosure, and data hiding risks. It describes how these elements can be a cause for concern, either because they may carry hidden sensitive data or because they may be used in attempts to exploit a system. This report provides numerous recommendations and mitigations that could be used to ensure that the use of PNG is safe and that files conform to the specification.

Date Published:

Last Reviewed: 02 January 2018

Identifier: CTR-U-OO-108407-18

Dissemination Control: N/A

Length: 41 page(s)

Format: pdf

Type: Reference/Overview; Report

Tags: Data Protection