PT-2011-2329 · Libpng · Libpng
Glenn Randers-Pehrson
·
Published
2011-01-18
·
Updated
2017-08-17
·
CVE-2011-0408
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
libpng versions 1.5.x before 1.5.1
Description
The issue allows remote attackers to cause a denial of service or possibly execute arbitrary code via a crafted palette-based PNG image. This is related to the
png do expand palette function, the png do rgb to gray function, and an integer underflow.Recommendations
For libpng versions 1.5.x before 1.5.1, update to version 1.5.1 or later to resolve the issue. As a temporary workaround, consider avoiding the use of palette-based PNG images until the update is applied.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Libpng