CVE-2011-2501

Name of the Vulnerable Software and Affected Versions libpng versions 1.0.x through 1.0.54 libpng versions 1.2.x through 1.2.44 libpng versions 1.4.x through 1.4.7 libpng versions 1.5.x through 1.5.3 libpng versions prior to 1.5.10

Description The issue allows remote attackers to cause a denial of service, potentially leading to disruption of confidentiality, integrity, and availability of protected information. This can be achieved through the exploitation of multiple vulnerabilities in the libpng package, which may be triggered by crafted PNG images. The png format buffer function in pngerror.c is specifically vulnerable to an out-of-bounds read during the copying of error-message data, which some sources refer to as an off-by-one error.

Recommendations For libpng versions 1.0.x through 1.0.54, update to version 1.0.55 or later. For libpng versions 1.2.x through 1.2.44, update to version 1.2.45 or later. For libpng versions 1.4.x through 1.4.7, update to version 1.4.8 or later. For libpng versions 1.5.x through 1.5.3, update to version 1.5.4 or later. For libpng versions prior to 1.5.10, update to version 1.5.10 or later.