Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 2.6
CVE Id: CVE-2011-3328
Last Modified: 21 Sep 2012 11:25:25
Published: 17 Jan 2012 02:55:00
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: HIGH
Authentication: NONE

CVE-2011-3328

Summary

The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value.

Vulnerable Systems

Application

  • Greg Roelofs Libpng 1.5.4


References

CERT-VN - VU#477046

CONFIRM - http://libpng.org/pub/png/libpng.html

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=740864

CONFIRM - http://sourceforge.net/tracker/index.php?func=detail&aid=3406145&group_id=5624&atid=105624

CONFIRM - http://support.apple.com/kb/HT5130

APPLE - APPLE-SA-2012-02-01-1

CONFIRM - http://support.apple.com/kb/HT5281

APPLE - APPLE-SA-2012-05-09-1

CONFIRM - http://support.apple.com/kb/HT5503

APPLE - APPLE-SA-2012-09-19-1

Related Patches

Apple 2012-02-01 Mac OS X Server 10.7.3 Update

Apple 2012-02-01 Mac OS X 10.7.3 Update

Apple 2012-02-01 Mac OS X Server 10.7.3 Combo Update

Apple 2012-02-01 Mac OS X 10.7.3 Combo Update

Apple 2012-05-09 Security Update 2012-002 Server (Snow Leopard)

Apple 2012-05-09 Security Update 2012-002 (Snow Leopard)


Last Updated: 27 May 2016 10:57:20