Published: 22/03/2012 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Integer signedness error in the png_inflate function in pngrutil.c in libpng prior to 1.4.10beta01, as used in Google Chrome prior to 17.0.963.83 and other products, allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google chrome
fedoraproject fedora 17
fedoraproject fedora 16
redhat enterprise linux server aus 6.2
redhat enterprise linux 6.0
redhat enterprise linux workstation 5.0
debian debian linux 6.0
redhat enterprise linux desktop 6.0
redhat enterprise linux server eus 6.2
fedoraproject fedora 15
redhat enterprise linux 5.0
redhat enterprise linux workstation 6.0
redhat enterprise linux desktop 5.0
opensuse opensuse 12.1
redhat storage 2.0
redhat storage for public cloud 2.0
redhat gluster storage 2.0
libpng libpng

Synopsis Moderate: libpng security update Type/Severity Security Advisory: Moderate Topic Updated libpng packages that fix one security issue are now available forRed Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact A Common Vulnerabili ...

libpng could be made to crash or run programs as your login if it opened a specially crafted file ...

A heap-based buffer overflow flaw was found in the way libpng processed compressed chunks in PNG image files An attacker could create a specially-crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application (CVE-2011-3045) ...

CWE-190 http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html http://code.google.com/p/chromium/issues/detail?id=116162 http://src.chromium.org/viewvc/chrome?view=rev&revision=125311 https://bugzilla.redhat.com/show_bug.cgi?id=799000 http://secunia.com/advisories/48485 http://secunia.com/advisories/48512 http://secunia.com/advisories/48554 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html http://secunia.com/advisories/48320 http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html http://secunia.com/advisories/49660 http://security.gentoo.org/glsa/glsa-201206-15.xml http://www.securitytracker.com/id?1026823 http://rhn.redhat.com/errata/RHSA-2012-0488.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763 http://www.mandriva.com/security/advisories?name=MDVSA-2012:033 http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html http://www.debian.org/security/2012/dsa-2439 http://rhn.redhat.com/errata/RHSA-2012-0407.html http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b https://access.redhat.com/errata/RHSA-2012:0407 https://usn.ubuntu.com/1402-1/https://nvd.nist.gov

CVE-2011-3045

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect