PT-2011-1187 · Png Development · Libpng
Huzaifa S. Sidhpurwala
·
Published
2011-07-17
·
Updated
2024-09-06
·
CVE-2011-2691
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
libpng versions 1.0.x through 1.0.54
libpng versions 1.2.x through 1.2.44
libpng versions 1.4.x through 1.4.7
libpng versions 1.5.x through 1.5.3
Description
The issue allows remote attackers to cause a denial of service, potentially leading to a disruption in confidentiality, integrity, and availability of protected information. This can be achieved through the exploitation of crafted PNG images. The
png err function in pngerror.c is specifically affected, as it makes a function call using a NULL pointer argument instead of an empty-string argument.Recommendations
For libpng versions 1.0.x through 1.0.54, update to version 1.0.55 or later.
For libpng versions 1.2.x through 1.2.44, update to version 1.2.45 or later.
For libpng versions 1.4.x through 1.4.7, update to version 1.4.8 or later.
For libpng versions 1.5.x through 1.5.3, update to version 1.5.4 or later.
Exploit
Fix
NULL Pointer Dereference
Memory Leak
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Libpng