PT-2011-2329 · Libpng · Libpng
Glenn Randers-Pehrson
·
Published
2011-01-18
·
Updated
2017-08-17
·
CVE-2011-0408
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
libpng versions 1.5.x before 1.5.1
Description
The issue allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted palette-based PNG image. This is related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow.
Recommendations
For libpng versions 1.5.x before 1.5.1, update to version 1.5.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of palette-based PNG images until the update is applied.
Fix
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Libpng