PT-2011-1110 · Libpng+1

Huzaifa S. Sidhpurwala · Published 2011-07-17 · Updated 2024-09-06 · CVE-2011-2692

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions
libpng versions prior to 1.0.55
libpng versions prior to 1.2.45
libpng versions prior to 1.4.8
libpng versions prior to 1.5.4
libpng versions prior to 1.5.10

Description
The issue is in the handling of invalid sCAL chunks in PNG images. A crafted PNG image that triggers the reading of uninitialized memory can cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact. The png_handle_sCAL function in pngrutil.c does not properly handle these chunks. Exploitation can be done remotely.

Recommendations
For libpng versions prior to 1.0.55, update to version 1.0.55 or later.
For libpng versions prior to 1.2.45, update to version 1.2.45 or later.
For libpng versions prior to 1.4.8, update to version 1.4.8 or later.
For libpng versions prior to 1.5.4, update to version 1.5.4 or later.
For libpng versions prior to 1.5.10, update to version 1.5.10 or later.

Exploit

Fix

DoS

Buffer Overflow

Out of bounds Read

Memory Leak

Weakness Enumeration

Related Identifiers

BDU:2015-06313
BDU:2015-06314
BDU:2015-06316
BDU:2015-06317
BDU:2015-07020
BDU:2015-07022
BDU:2015-07024
BDU:2015-07027
BDU:2015-08755
BDU:2015-08756
BDU:2015-08757
BDU:2015-08758
BDU:2015-09650
CVE-2011-2692
DSA-2287-1
OESA-2024-2091
OPENSUSE-SU-2024:10050-1
RHSA-2011:1103
RHSA-2011:1104
RHSA-2011:1105
RHSA-2011_1103
RHSA-2011_1104
RHSA-2011_1105

Affected Products

Red Hat
Libpng