PT-2012-1123 · Libpng · Libpng
Published 2012-06-22 · Updated 2012-07-23 · CVE-2011-3464
CVSS v2.0: 7.5 (High)
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
libpng versions 1.5.4 through 1.5.7
libpng versions prior to 1.5.10
Description
An off-by-one error in the png_formatted_warning function in pngerror.c might allow remote attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors that trigger a stack-based buffer overflow. Multiple vulnerabilities in the libpng package can lead to violations of confidentiality, integrity, and availability of protected information, and can be exploited remotely.
Recommendations
For versions 1.5.4 through 1.5.7, update to a version prior to 1.5.10.
For versions prior to 1.5.10, update to version 1.5.10 or later.
Fix
Memory Leak
Related identifiers
Affected products
Libpng