Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-2690

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2011-2690
Last Modified 09 Sep 2013 02:10:30
Published 17 Jul 2011 04:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2690

Summary

Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.

Vulnerable Systems

Application

  • Libpng 1.0.0

  • Libpng 1.0.1

  • Libpng 1.0.10

  • Libpng 1.0.11

  • Libpng 1.0.12

  • Libpng 1.0.13

  • Libpng 1.0.14

  • Libpng 1.0.15

  • Libpng 1.0.16

  • Libpng 1.0.17

  • Libpng 1.0.18

  • Libpng 1.0.19

  • Libpng 1.0.2

  • Libpng 1.0.20

  • Libpng 1.0.21

  • Libpng 1.0.22

  • Libpng 1.0.23

  • Libpng 1.0.24

  • Libpng 1.0.25

  • Libpng 1.0.26

  • Libpng 1.0.27

  • Libpng 1.0.28

  • Libpng 1.0.29

  • Libpng 1.0.3

  • Libpng 1.0.30

  • Libpng 1.0.31

  • Libpng 1.0.32

  • Libpng 1.0.33

  • Libpng 1.0.34

  • Libpng 1.0.35

  • Libpng 1.0.37

  • Libpng 1.0.38

  • Libpng 1.0.39

  • Libpng 1.0.40

  • Libpng 1.0.41

  • Libpng 1.0.42

  • Libpng 1.0.43

  • Libpng 1.0.44

  • Libpng 1.0.45

  • Libpng 1.0.46

  • Libpng 1.0.47

  • Libpng 1.0.48

  • Libpng 1.0.5

  • Libpng 1.0.50

  • Libpng 1.0.51

  • Libpng 1.0.52

  • Libpng 1.0.53

  • Libpng 1.0.54

  • Libpng 1.0.6

  • Libpng 1.0.7

  • Libpng 1.0.8

  • Libpng 1.0.9

  • Libpng 1.2.0

  • Libpng 1.2.1

  • Libpng 1.2.10

  • Libpng 1.2.11

  • Libpng 1.2.13

  • Libpng 1.2.14

  • Libpng 1.2.15

  • Libpng 1.2.16

  • Libpng 1.2.17

  • Libpng 1.2.18

  • Libpng 1.2.19

  • Libpng 1.2.2

  • Libpng 1.2.20

  • Libpng 1.2.21

  • Libpng 1.2.22

  • Libpng 1.2.23

  • Libpng 1.2.24

  • Libpng 1.2.25

  • Libpng 1.2.26

  • Libpng 1.2.27

  • Libpng 1.2.28

  • Libpng 1.2.29

  • Libpng 1.2.3

  • Libpng 1.2.30

  • Libpng 1.2.31

  • Libpng 1.2.32

  • Libpng 1.2.33

  • Libpng 1.2.34

  • Libpng 1.2.35

  • Libpng 1.2.36

  • Libpng 1.2.37

  • Libpng 1.2.38

  • Libpng 1.2.39

  • Libpng 1.2.4

  • Libpng 1.2.40

  • Libpng 1.2.41

  • Libpng 1.2.42

  • Libpng 1.2.43

  • Libpng 1.2.44

  • Libpng 1.2.5

  • Libpng 1.2.6

  • Libpng 1.2.7

  • Libpng 1.2.8

  • Libpng 1.2.9

  • Libpng 1.4.0

  • Libpng 1.4.1

  • Libpng 1.4.2

  • Libpng 1.4.3

  • Libpng 1.4.4

  • Libpng 1.4.5

  • Libpng 1.4.6

  • Libpng 1.4.7

  • Libpng 1.5.0

  • Libpng 1.5.1

  • Libpng 1.5.2

  • Libpng 1.5.3


References

CONFIRM - http://www.libpng.org/pub/png/libpng.html

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=720607

XF - libpng-pngrgbtogray-bo(68538)

UBUNTU - USN-1175-1

BID - 48660

REDHAT - RHSA-2011:1105

REDHAT - RHSA-2011:1104

MLIST - [oss-security] 20110713 Security issues fixed in libpng 1.5.4

MANDRIVA - MDVSA-2011:151

DEBIAN - DSA-2287

CONFIRM - http://support.apple.com/kb/HT5002

SECUNIA - 45492

SECUNIA - 45461

SECUNIA - 45460

SECUNIA - 45415

SECUNIA - 45405

SECUNIA - 45046

FEDORA - FEDORA-2011-9336

APPLE - APPLE-SA-2011-10-12-3

GENTOO - GLSA-201206-15

SECUNIA - 49660

Related Patches

Apple 2011-10-12 Mac OS X 10.7.2 Combo Update

Apple 2011-10-12 Mac OS X Server 10.7.2 Update

Apple 2011-10-12 Mac OS X 10.7.2 Update

Apple 2011-10-12 Mac OS X Server 10.7.2 Combo Update

Apple 2011-10-12 Security Update 2011-006 (Snow Leopard)

Apple 2011-10-12 Security Update 2011-006 Server (Snow Leopard)

Novell SUSE 2011:4948 libpng-devel security update for SLE 11 SP1 i586

Novell SUSE 2011:7670 libpng security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:49:38