CVSS2: 6.8 Medium (AV:N/AC:M/Au:N/C:P/I:P/A:P)
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS: 0.832 High (Percentile: 98.5%)
The libpng library contains an integer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format.
The libpng library contains an integer overflow in the png_decompress_chunk() function, which can result in a buffer overflow.
By causing libpng to process a specially-crafted PNG file (e.g. by visiting a web page, viewing an email, or opening a document), a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the application that uses libpng.
Apply an update
This issue has been addressed in libpng versions 1.0.57, 1.2.47, 1.4.9, and 1.5.9. Please check with your software vendor for updates that utilize a fixed version of libpng.
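A version check built from the fixed releases listed above, as an added example that is not code from CERT/CC or the libpng project. The function name, the status enum, and the conservative handling of pre-release suffixes are assumptions made for this illustration.

```c
/* Added example: classify an upstream libpng version string (the form of
 * PNG_LIBPNG_VER_STRING, e.g. "1.2.46") against the fixed releases named in
 * this note. Distribution package versions may carry backported fixes and
 * are out of scope here. */
#include <stdio.h>

typedef enum {
    LIBPNG_HAS_FIX,          /* at or above its branch's fixed release */
    LIBPNG_PREDATES_FIX,     /* listed branch, older than the fixed release */
    LIBPNG_BRANCH_UNLISTED,  /* branch not named in the note: ask the vendor */
    LIBPNG_BAD_VERSION       /* not of the form major.minor.patch */
} libpng_status;

/* Fixed releases from the note: 1.0.57, 1.2.47, 1.4.9, 1.5.9 */
static const int FIXED[][3] = { {1, 0, 57}, {1, 2, 47}, {1, 4, 9}, {1, 5, 9} };

libpng_status libpng_check_version(const char *version)
{
    int major, minor, patch, used = 0;
    size_t i;

    if (version == NULL ||
        sscanf(version, "%5d.%5d.%5d%n", &major, &minor, &patch, &used) != 3 ||
        major < 0 || minor < 0 || patch < 0)
        return LIBPNG_BAD_VERSION;

    /* A suffix such as "beta01" or "rc01" marks a pre-release, which is
     * treated conservatively as older than the final release of that patch. */
    int prerelease = version[used] != '\0';

    for (i = 0; i < sizeof FIXED / sizeof FIXED[0]; i++) {
        if (FIXED[i][0] != major || FIXED[i][1] != minor)
            continue;
        if (patch > FIXED[i][2] || (patch == FIXED[i][2] && !prerelease))
            return LIBPNG_HAS_FIX;
        return LIBPNG_PREDATES_FIX;
    }
    return LIBPNG_BRANCH_UNLISTED;
}

int main(void)
{
    /* Constructed sample inputs, not taken from any real inventory. */
    const char *samples[] = { "1.2.46", "1.5.9", "1.5.9rc01", "1.6.0", "png" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-10s -> %d\n", samples[i], libpng_check_version(samples[i]));
    return 0;
}
```

A result of LIBPNG_BRANCH_UNLISTED means the note gives no fixed release for that branch, so the answer has to come from the software vendor.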
523889
Notified: February 23, 2012 Updated: February 23, 2012
Affected
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Apple Mac OS X (e.g. Safari, Mail) uses libpng.
Notified: February 23, 2012 Updated: March 02, 2012
Statement Date: March 01, 2012
Not Affected
Juniper Networks products are not susceptible to this vulnerability
We are not aware of further vendor information regarding this vulnerability.
Notified: February 23, 2012 Updated: March 01, 2012
Statement Date: February 29, 2012
Not Affected
Openwall GNU/*/Linux is not affected. We do not ship libpng.
We are not aware of further vendor information regarding this vulnerability.
Notified: February 23, 2012 Updated: February 23, 2012
Unknown
We have not received a statement from the vendor.
We are not aware of further vendor information regarding this vulnerability.
Group | Score | Vector |
---|---|---|
Base | 0 | AV:–/AC:–/Au:–/C:–/I:–/A:– |
Temporal | 0 | E:ND/RL:ND/RC:ND |
Environmental | 0 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |
Thanks to Jüri Aedla for reporting this vulnerability to the Google Chrome team.
This document was written by Will Dormann.
CVE IDs: | CVE-2011-3026 |
---|---|
Severity Metric: | 24.75 |
Date Public: | |