PT-2012-1094 · Libpng+4 · Libpng+4

Jan Lieskovsky

Publicado

2012-03-20

Atualizado

2025-06-09

CVE-2011-3045

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libpng versions prior to 1.4.10beta01 libpng versions 1.2.10 and earlier libpng versions 1.2.48 and earlier libpng (affected versions not specified)

Description The issue is related to an integer signedness error in the png inflate function in pngrutil.c in libpng, which can be exploited remotely to cause a denial of service or possibly execute arbitrary code via a crafted PNG file. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely.

Recommendations For libpng versions prior to 1.4.10beta01, update to version 1.4.10beta01 or later. For libpng versions 1.2.10 and earlier, update to a version later than 1.2.10. For libpng versions 1.2.48 and earlier, update to a version later than 1.2.48. For libpng with unspecified affected versions, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Integer Overflow

Memory Leak

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-190CWE-195CWE-401

Identificadores relacionados

AZL-41243

BDU:2015-07345

BDU:2015-07347

BDU:2015-07348

BDU:2015-07350

BDU:2015-07352

BDU:2015-08779

BDU:2015-08780

BDU:2015-08781

BDU:2015-08782

BDU:2015-08783

BDU:2015-09650

CESA-2012_0407

CVE-2011-3045

DSA-2439-1

OESA-2024-2091

OPENSUSE-SU-2012_0466-1

OPENSUSE-SU-2024:10171-1

OPENSUSE-SU-2024:12948-1

RHSA-2012:0407

RHSA-2012_0407

Produtos afetados

Centos

Google Chrome

Red Hat

Suse

Libpng

PT-2012-1094 · Libpng+4 · Libpng+4

CVE-2011-3045

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 2392