Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 4.3
CVE Id CVE-2012-3425
Last Modified 07 Sep 2012 12:30:35
Published 13 Aug 2012 04:55:09
Confidentiality Impact NONE
Integrity Impact NONE
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-3425

Summary

The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.

Vulnerable Systems

Application

  • Libpng 1.0.0

  • Libpng 1.0.1

  • Libpng 1.0.10

  • Libpng 1.0.11

  • Libpng 1.0.12

  • Libpng 1.0.13

  • Libpng 1.0.14

  • Libpng 1.0.15

  • Libpng 1.0.16

  • Libpng 1.0.17

  • Libpng 1.0.18

  • Libpng 1.0.19

  • Libpng 1.0.2

  • Libpng 1.0.20

  • Libpng 1.0.21

  • Libpng 1.0.22

  • Libpng 1.0.23

  • Libpng 1.0.24

  • Libpng 1.0.25

  • Libpng 1.0.26

  • Libpng 1.0.27

  • Libpng 1.0.28

  • Libpng 1.0.29

  • Libpng 1.0.3

  • Libpng 1.0.30

  • Libpng 1.0.31

  • Libpng 1.0.32

  • Libpng 1.0.33

  • Libpng 1.0.34

  • Libpng 1.0.35

  • Libpng 1.0.37

  • Libpng 1.0.38

  • Libpng 1.0.39

  • Libpng 1.0.40

  • Libpng 1.0.41

  • Libpng 1.0.42

  • Libpng 1.0.43

  • Libpng 1.0.44

  • Libpng 1.0.45

  • Libpng 1.0.46

  • Libpng 1.0.47

  • Libpng 1.0.48

  • Libpng 1.0.5

  • Libpng 1.0.50

  • Libpng 1.0.51

  • Libpng 1.0.52

  • Libpng 1.0.53

  • Libpng 1.0.54

  • Libpng 1.0.55

  • Libpng 1.0.56

  • Libpng 1.0.57

  • Libpng 1.0.6

  • Libpng 1.0.7

  • Libpng 1.0.8

  • Libpng 1.0.9

  • Libpng 1.2.0

  • Libpng 1.2.1

  • Libpng 1.2.10

  • Libpng 1.2.11

  • Libpng 1.2.12

  • Libpng 1.2.13

  • Libpng 1.2.14

  • Libpng 1.2.15

  • Libpng 1.2.16

  • Libpng 1.2.17

  • Libpng 1.2.18

  • Libpng 1.2.19

  • Libpng 1.2.2

  • Libpng 1.2.20

  • Libpng 1.2.21

  • Libpng 1.2.22

  • Libpng 1.2.23

  • Libpng 1.2.24

  • Libpng 1.2.25

  • Libpng 1.2.26

  • Libpng 1.2.27

  • Libpng 1.2.28

  • Libpng 1.2.29

  • Libpng 1.2.3

  • Libpng 1.2.30

  • Libpng 1.2.31

  • Libpng 1.2.32

  • Libpng 1.2.33

  • Libpng 1.2.34

  • Libpng 1.2.35

  • Libpng 1.2.36

  • Libpng 1.2.37

  • Libpng 1.2.38

  • Libpng 1.2.39

  • Libpng 1.2.4

  • Libpng 1.2.40

  • Libpng 1.2.41

  • Libpng 1.2.42

  • Libpng 1.2.43

  • Libpng 1.2.44

  • Libpng 1.2.45

  • Libpng 1.2.46

  • Libpng 1.2.47

  • Libpng 1.2.48

  • Libpng 1.2.5

  • Libpng 1.2.6

  • Libpng 1.2.7

  • Libpng 1.2.8

  • Libpng 1.2.9

  • Libpng 1.4.0

  • Libpng 1.4.1

  • Libpng 1.4.2

  • Libpng 1.4.3

  • Libpng 1.4.4

  • Libpng 1.4.5

  • Libpng 1.4.6

  • Libpng 1.4.7

  • Libpng 1.4.8

  • Libpng 1.4.9

  • Libpng 1.5.0

  • Libpng 1.5.1

  • Libpng 1.5.10

  • Libpng 1.5.2

  • Libpng 1.5.3

  • Libpng 1.5.4

  • Libpng 1.5.5

  • Libpng 1.5.6

  • Libpng 1.5.7

  • Libpng 1.5.8

  • Libpng 1.5.9

  • Redhat Libpng 1.2.2-16

  • Redhat Libpng 1.2.2-20


References

MLIST - [oss-security] 20120724 Re: CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images

MLIST - [oss-security] 20120724 CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images

MISC - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;hb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8

MISC - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=73e2ffd6a1471f2144d0ce7165d7323cb109f10f;hb=refs/heads/libpng15

MISC - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=2da5a7a8b690e257f94353b5b49d493cdc385322;hb=refs/heads/libpng14

MISC - http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=284de253b1561b976291ba7405acd71ae71ff597;hb=refs/heads/libpng10

MISC - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082

SUSE - openSUSE-SU-2012:0934

Related Patches

Novell SUSE 2012:6596 libpng-devel security update for SLE 11 SP1 i586

Novell SUSE 2012:6596 libpng-devel security update for SLE 11 SP1 x86_64

Novell SUSE 2012:8234 libpng security update for SLE 10 SP4 i586

Novell SUSE 2012:8234 libpng security update for SLE 10 SP4 x86_64


Last Updated: 27 May 2016 10:51:40