Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3464

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2011-3464
Last Modified 23 Jul 2012 12:00:00
Published 22 Jul 2012 01:55:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3464

Summary

Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow.

Vulnerable Systems

Application

  • Libpng 1.5.0

  • Libpng 1.5.1

  • Libpng 1.5.2

  • Libpng 1.5.3

  • Libpng 1.5.4

  • Libpng 1.5.5

  • Libpng 1.5.6

  • Libpng 1.5.7


References

CONFIRM - http://www.libpng.org/pub/png/libpng.html

GENTOO - GLSA-201206-15

SECUNIA - 49660

SECUNIA - 47827


Last Updated: 27 May 2016 10:54:56