CVE-2011-3026

Published: 16/02/2012 Updated: 16/04/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Integer overflow in libpng, as used in Google Chrome prior to 17.0.963.56, allows remote malicious users to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.

Vulnerable Product

google chrome

apple iphone os

apple mac os x 10.6.8

apple mac os x

apple mac os x server 10.6.8

apple mac os x server

opensuse opensuse 11.4

suse linux enterprise server 11

suse suse linux enterprise server 11

Vendor Advisories

Debian Bug report logs - #660026 CVE-2011-3026 Package: libpng; Maintainer for libpng is Anibal Monsalve Salazar <anibal@debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Wed, 15 Feb 2012 20:51:05 UTC Severity: grave Tags: security Fixed in versions libpng/1246-5, libpng/158-1 Done: Anibal Mon ...
Synopsis Important: libpng security update Type/Severity Security Advisory: Important Topic Updated libpng and libpng10 packages that fix one security issue are now available for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having important security impact ...
Synopsis Critical: thunderbird security update Type/Severity Security Advisory: Critical Topic An updated thunderbird package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical security impact A Common Vuln ...
Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An updated firefox package that fixes one security issue is now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact A Common Vulnerabilit ...
Synopsis Critical: xulrunner security update Type/Severity Security Advisory: Critical Topic Updated xulrunner packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having critical security impact A Common Vulne ...
Synopsis Critical: seamonkey security update Type/Severity Security Advisory: Critical Topic Updated seamonkey packages that fix one security issue are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having critical security impact A Common Vulnerabili ...
Thunderbird could be made to crash or run programs as your login if it opened a specially crafted file ...
Firefox could be made to crash or run programs as your login if it opened a specially crafted file ...
Xulrunner based applications could be made to crash or run programs as your login if they opened a specially crafted file ...
libpng could be made to crash or run programs as your login if it opened a specially crafted file ...
Several security issues were fixed in Thunderbird ...
A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2011-3026) ...
Mozilla Foundation Security Advisory 2012-11 libpng integer overflow Announced February 16, 2012 Impact Critical Products Firefox, Firefox ESR, SeaMonkey, Thunderbird, Thunderbird ESR Fixed in Firefox 10 ...

Github Repositories

Example of exploiting CVE-2011-3026 on Firefox (Linux/x86)

cve-2011-3026-firefox Example of exploiting CVE-2011-3026 on Firefox (Linux/x86), from our Black Hat 2012 talk: "Exploiting the jemalloc Memory Allocator: Owning Firefox's Heap". Original slide deck available at: www.blackhat.com/html/bh-us-12/bh-us-12-archives.html#Argyroudis Updated slide deck at: census-labs.com/news/2012/08/03/blackhat-usa-2012-