Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2011-2691
Last Modified 23 Jul 2012 11:33:03
Published 17 Jul 2011 04:55:01
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2691

Summary

The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.

Vulnerable Systems

Application

  • Libpng 1.0.0

  • Libpng 1.0.1

  • Libpng 1.0.10

  • Libpng 1.0.11

  • Libpng 1.0.12

  • Libpng 1.0.13

  • Libpng 1.0.14

  • Libpng 1.0.15

  • Libpng 1.0.16

  • Libpng 1.0.17

  • Libpng 1.0.18

  • Libpng 1.0.19

  • Libpng 1.0.2

  • Libpng 1.0.20

  • Libpng 1.0.21

  • Libpng 1.0.22

  • Libpng 1.0.23

  • Libpng 1.0.24

  • Libpng 1.0.25

  • Libpng 1.0.26

  • Libpng 1.0.27

  • Libpng 1.0.28

  • Libpng 1.0.29

  • Libpng 1.0.3

  • Libpng 1.0.30

  • Libpng 1.0.31

  • Libpng 1.0.32

  • Libpng 1.0.33

  • Libpng 1.0.34

  • Libpng 1.0.35

  • Libpng 1.0.37

  • Libpng 1.0.38

  • Libpng 1.0.39

  • Libpng 1.0.40

  • Libpng 1.0.41

  • Libpng 1.0.42

  • Libpng 1.0.43

  • Libpng 1.0.44

  • Libpng 1.0.45

  • Libpng 1.0.46

  • Libpng 1.0.47

  • Libpng 1.0.48

  • Libpng 1.0.5

  • Libpng 1.0.50

  • Libpng 1.0.51

  • Libpng 1.0.52

  • Libpng 1.0.53

  • Libpng 1.0.54

  • Libpng 1.0.6

  • Libpng 1.0.7

  • Libpng 1.0.8

  • Libpng 1.0.9

  • Libpng 1.2.0

  • Libpng 1.2.1

  • Libpng 1.2.10

  • Libpng 1.2.11

  • Libpng 1.2.13

  • Libpng 1.2.14

  • Libpng 1.2.15

  • Libpng 1.2.16

  • Libpng 1.2.17

  • Libpng 1.2.18

  • Libpng 1.2.19

  • Libpng 1.2.2

  • Libpng 1.2.20

  • Libpng 1.2.21

  • Libpng 1.2.22

  • Libpng 1.2.23

  • Libpng 1.2.24

  • Libpng 1.2.25

  • Libpng 1.2.26

  • Libpng 1.2.27

  • Libpng 1.2.28

  • Libpng 1.2.29

  • Libpng 1.2.3

  • Libpng 1.2.30

  • Libpng 1.2.31

  • Libpng 1.2.32

  • Libpng 1.2.33

  • Libpng 1.2.34

  • Libpng 1.2.35

  • Libpng 1.2.36

  • Libpng 1.2.37

  • Libpng 1.2.38

  • Libpng 1.2.39

  • Libpng 1.2.4

  • Libpng 1.2.40

  • Libpng 1.2.41

  • Libpng 1.2.42

  • Libpng 1.2.43

  • Libpng 1.2.44

  • Libpng 1.2.5

  • Libpng 1.2.6

  • Libpng 1.2.7

  • Libpng 1.2.8

  • Libpng 1.2.9

  • Libpng 1.4.0

  • Libpng 1.4.1

  • Libpng 1.4.2

  • Libpng 1.4.3

  • Libpng 1.4.4

  • Libpng 1.4.5

  • Libpng 1.4.6

  • Libpng 1.4.7

  • Libpng 1.5.0

  • Libpng 1.5.1

  • Libpng 1.5.2

  • Libpng 1.5.3


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=720608

MLIST - [oss-security] 20110713 Security issues fixed in libpng 1.5.4

CONFIRM - http://www.libpng.org/pub/png/libpng.html

CONFIRM - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=9dad5e37aef295b4ef8dea39392b652deebc9261

XF - libpng-pngdefaulterror-dos(68537)

BID - 48660

MANDRIVA - MDVSA-2011:151

DEBIAN - DSA-2287

CONFIRM - http://support.apple.com/kb/HT5002

SECUNIA - 45492

SECUNIA - 45405

SECUNIA - 45046

FEDORA - FEDORA-2011-9336

APPLE - APPLE-SA-2011-10-12-3

GENTOO - GLSA-201206-15

SECUNIA - 49660

Related Patches

Apple 2011-10-12 Mac OS X 10.7.2 Combo Update

Apple 2011-10-12 Mac OS X Server 10.7.2 Update

Apple 2011-10-12 Mac OS X 10.7.2 Update

Apple 2011-10-12 Mac OS X Server 10.7.2 Combo Update

Apple 2011-10-12 Security Update 2011-006 (Snow Leopard)

Apple 2011-10-12 Security Update 2011-006 Server (Snow Leopard)

Novell SUSE 2011:4948 libpng-devel security update for SLE 11 SP1 i586

Novell SUSE 2011:7670 libpng security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:49:38