CVE-2011-3464

Published: 22/07/2012 Updated: 23/07/2012
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 up to and including 1.5.7 might allow remote malicious users to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow.

Vulnerable Product

libpng libpng 1.5.4

libpng libpng 1.5.5

libpng libpng 1.5.6

libpng libpng 1.5.2

libpng libpng 1.5.3

libpng libpng 1.5.7

libpng libpng 1.5.0

libpng libpng 1.5.1

Vendor Advisories

Debian Bug report logs - #660026 CVE-2011-3026 Package: libpng; Maintainer for libpng is Anibal Monsalve Salazar <anibal@debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Wed, 15 Feb 2012 20:51:05 UTC Severity: grave Tags: security Fixed in versions libpng/1246-5, libpng/158-1 Done: Anibal Mon ...