PT-2012-1094 · Libpng+4 · Libpng+4

Jan Lieskovsky

Published

2012-03-20

Updated

2025-06-09

CVE-2011-3045

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions libpng versions prior to 1.4.10beta01 libpng versions 1.2.10 and earlier libpng versions 1.2.48 and earlier libpng (affected versions not specified)

Description The issue is related to an integer signedness error in the png inflate function in pngrutil.c in libpng, which can be exploited remotely to cause a denial of service or possibly execute arbitrary code via a crafted PNG file. This can lead to a violation of confidentiality, integrity, and availability of protected information. The exploitation can be carried out remotely.

Recommendations For libpng versions prior to 1.4.10beta01, update to version 1.4.10beta01 or later. For libpng versions 1.2.10 and earlier, update to a version later than 1.2.10. For libpng versions 1.2.48 and earlier, update to a version later than 1.2.48. For libpng with unspecified affected versions, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Integer Overflow

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-190CWE-195CWE-401

Related Identifiers

AZL-41243

BDU:2015-07345

BDU:2015-07347

BDU:2015-07348

BDU:2015-07350

BDU:2015-07352

BDU:2015-08779

BDU:2015-08780

BDU:2015-08781

BDU:2015-08782

BDU:2015-08783

BDU:2015-09650

CESA-2012_0407

CVE-2011-3045

DSA-2439-1

OESA-2024-2091

OPENSUSE-SU-2012_0466-1

OPENSUSE-SU-2024:10171-1

OPENSUSE-SU-2024:12948-1

RHSA-2012:0407

RHSA-2012_0407

Affected Products

Centos

Google Chrome

Red Hat

Suse

Libpng

PT-2012-1094 · Libpng+4 · Libpng+4

CVE-2011-3045

Weakness Enumeration

Related Identifiers

Affected Products

References · 2392