Lucene search

[email protected]CVE-2011-2691

HistoryJul 17, 2011 - 8:55 p.m.

CVE-2011-2691

2011-07-1720:55:01

CWE-476

[email protected]

web.nvd.nist.gov

cve-2011-2691

libpng

function call

null pointer

denial of service

application crash

png image

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.3%

JSON

The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.

Affected configurations

NVD

Node

libpnglibpngRange1.0.0–1.0.55

libpnglibpngRange1.2.0–1.2.45

libpnglibpngRange1.4.0–1.4.8

libpnglibpngRange1.5.0–1.5.4

Node

fedoraprojectfedoraMatch14

Node

debiandebian_linuxMatch5.0

debiandebian_linuxMatch6.0

CPENameOperatorVersion
libpng:libpnglibpnglt1.0.55
libpng:libpnglibpnglt1.2.45
libpng:libpnglibpnglt1.4.8
libpng:libpnglibpnglt1.5.4

CPE	Name	Operator	Version
libpng:libpng	libpng	lt	1.0.55
libpng:libpng	libpng	lt	1.2.45
libpng:libpng	libpng	lt	1.4.8
libpng:libpng	libpng	lt	1.5.4

References

libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=9dad5e37aef295b4ef8dea39392b652deebc9261

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html

marc.info/?l=bugtraq&m=133951357207000&w=2

secunia.com/advisories/45046

secunia.com/advisories/45405

secunia.com/advisories/45492

secunia.com/advisories/49660

security.gentoo.org/glsa/glsa-201206-15.xml

support.apple.com/kb/HT5002

www.debian.org/security/2011/dsa-2287

www.libpng.org/pub/png/libpng.html

www.mandriva.com/security/advisories?name=MDVSA-2011:151

www.openwall.com/lists/oss-security/2011/07/13/2

www.securityfocus.com/bid/48660

bugzilla.redhat.com/show_bug.cgi?id=720608

exchange.xforce.ibmcloud.com/vulnerabilities/68537

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.012 Low

EPSS

Percentile

85.3%

JSON

Related for CVE-2011-2691

cvelist1 nvd1 ubuntucve1 prion1 altlinux3 oraclelinux3 nessus18 openvas31 debian1 fedora7 gentoo1 securityvulns4 ibm1