Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2011-2692
Last Modified 23 Jul 2012 11:33:03
Published 17 Jul 2011 04:55:01
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-2692

Summary

The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.

Vulnerable Systems

Application

  • Libpng 1.0.0

  • Libpng 1.0.1

  • Libpng 1.0.10

  • Libpng 1.0.11

  • Libpng 1.0.12

  • Libpng 1.0.13

  • Libpng 1.0.14

  • Libpng 1.0.15

  • Libpng 1.0.16

  • Libpng 1.0.17

  • Libpng 1.0.18

  • Libpng 1.0.19

  • Libpng 1.0.2

  • Libpng 1.0.20

  • Libpng 1.0.21

  • Libpng 1.0.22

  • Libpng 1.0.23

  • Libpng 1.0.24

  • Libpng 1.0.25

  • Libpng 1.0.26

  • Libpng 1.0.27

  • Libpng 1.0.28

  • Libpng 1.0.29

  • Libpng 1.0.3

  • Libpng 1.0.30

  • Libpng 1.0.31

  • Libpng 1.0.32

  • Libpng 1.0.33

  • Libpng 1.0.34

  • Libpng 1.0.35

  • Libpng 1.0.37

  • Libpng 1.0.38

  • Libpng 1.0.39

  • Libpng 1.0.40

  • Libpng 1.0.41

  • Libpng 1.0.42

  • Libpng 1.0.43

  • Libpng 1.0.44

  • Libpng 1.0.45

  • Libpng 1.0.46

  • Libpng 1.0.47

  • Libpng 1.0.48

  • Libpng 1.0.5

  • Libpng 1.0.50

  • Libpng 1.0.51

  • Libpng 1.0.52

  • Libpng 1.0.53

  • Libpng 1.0.54

  • Libpng 1.0.6

  • Libpng 1.0.7

  • Libpng 1.0.8

  • Libpng 1.0.9

  • Libpng 1.2.0

  • Libpng 1.2.1

  • Libpng 1.2.10

  • Libpng 1.2.11

  • Libpng 1.2.13

  • Libpng 1.2.14

  • Libpng 1.2.15

  • Libpng 1.2.16

  • Libpng 1.2.17

  • Libpng 1.2.18

  • Libpng 1.2.19

  • Libpng 1.2.2

  • Libpng 1.2.20

  • Libpng 1.2.21

  • Libpng 1.2.22

  • Libpng 1.2.23

  • Libpng 1.2.24

  • Libpng 1.2.25

  • Libpng 1.2.26

  • Libpng 1.2.27

  • Libpng 1.2.28

  • Libpng 1.2.29

  • Libpng 1.2.3

  • Libpng 1.2.30

  • Libpng 1.2.31

  • Libpng 1.2.32

  • Libpng 1.2.33

  • Libpng 1.2.34

  • Libpng 1.2.35

  • Libpng 1.2.36

  • Libpng 1.2.37

  • Libpng 1.2.38

  • Libpng 1.2.39

  • Libpng 1.2.4

  • Libpng 1.2.40

  • Libpng 1.2.41

  • Libpng 1.2.42

  • Libpng 1.2.43

  • Libpng 1.2.44

  • Libpng 1.2.5

  • Libpng 1.2.6

  • Libpng 1.2.7

  • Libpng 1.2.8

  • Libpng 1.2.9

  • Libpng 1.4.0

  • Libpng 1.4.1

  • Libpng 1.4.2

  • Libpng 1.4.3

  • Libpng 1.4.4

  • Libpng 1.4.5

  • Libpng 1.4.6

  • Libpng 1.4.7

  • Libpng 1.5.0

  • Libpng 1.5.1

  • Libpng 1.5.2

  • Libpng 1.5.3


References

CERT-VN - VU#819894

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=720612

MLIST - [oss-security] 20110713 Security issues fixed in libpng 1.5.4

CONFIRM - http://www.libpng.org/pub/png/libpng.html

CONFIRM - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339

XF - libpng-png-file-dos(68536)

UBUNTU - USN-1175-1

BID - 48618

REDHAT - RHSA-2011:1105

REDHAT - RHSA-2011:1104

REDHAT - RHSA-2011:1103

MANDRIVA - MDVSA-2011:151

DEBIAN - DSA-2287

CONFIRM - http://support.apple.com/kb/HT5002

CONFIRM - http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement

SECUNIA - 45492

SECUNIA - 45461

SECUNIA - 45460

SECUNIA - 45445

SECUNIA - 45415

SECUNIA - 45405

SECUNIA - 45046

FEDORA - FEDORA-2011-9336

APPLE - APPLE-SA-2011-10-12-3

CONFIRM - http://support.apple.com/kb/HT5281

APPLE - APPLE-SA-2012-05-09-1

GENTOO - GLSA-201206-15

SECUNIA - 49660

Related Patches

Apple 2011-10-12 Mac OS X 10.7.2 Combo Update

Apple 2011-10-12 Mac OS X Server 10.7.2 Update

Apple 2011-10-12 Mac OS X 10.7.2 Update

Apple 2011-10-12 Mac OS X Server 10.7.2 Combo Update

Apple 2011-10-12 Security Update 2011-006 (Snow Leopard)

Apple 2011-10-12 Security Update 2011-006 Server (Snow Leopard)

Apple 2012-05-09 Security Update 2012-002 Server (Snow Leopard)

Apple 2012-05-09 Security Update 2012-002 (Snow Leopard)

Novell SUSE 2011:4948 libpng-devel security update for SLE 11 SP1 i586

Novell SUSE 2011:7670 libpng security update for SLE 10 SP4 i586


Last Updated: 27 May 2016 10:56:29