Lucene search

[email protected]CVE-2011-2692

HistoryJul 17, 2011 - 8:55 p.m.

CVE-2011-2692

2011-07-1720:55:01

CWE-119

[email protected]

web.nvd.nist.gov

cve-2011-2692

libpng

pngrutil.c

memory corruption

application crash

remote attackers

denial of service

nvd

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.021

Percentile

89.1%

JSON

The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.

Affected configurations

NVD

Node

libpnglibpngRange1.0.0–1.0.55

libpnglibpngRange1.2.0–1.2.45

libpnglibpngRange1.4.0–1.4.8

libpnglibpngRange1.5.0–1.5.4

Node

fedoraprojectfedoraMatch14

Node

debiandebian_linuxMatch5.0

debiandebian_linuxMatch6.0

Node

canonicalubuntu_linuxMatch8.04

canonicalubuntu_linuxMatch10.04

canonicalubuntu_linuxMatch10.10

canonicalubuntu_linuxMatch11.04

References

libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339

lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

lists.apple.com/archives/security-announce/2012/May/msg00001.html

lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html

secunia.com/advisories/45046

secunia.com/advisories/45405

secunia.com/advisories/45415

secunia.com/advisories/45445

secunia.com/advisories/45460

secunia.com/advisories/45461

secunia.com/advisories/45492

secunia.com/advisories/49660

security.gentoo.org/glsa/glsa-201206-15.xml

sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement

support.apple.com/kb/HT5002

support.apple.com/kb/HT5281

www.debian.org/security/2011/dsa-2287

www.kb.cert.org/vuls/id/819894

www.libpng.org/pub/png/libpng.html

www.mandriva.com/security/advisories?name=MDVSA-2011:151

www.openwall.com/lists/oss-security/2011/07/13/2

www.redhat.com/support/errata/RHSA-2011-1103.html

www.redhat.com/support/errata/RHSA-2011-1104.html

www.redhat.com/support/errata/RHSA-2011-1105.html

www.securityfocus.com/bid/48618

www.ubuntu.com/usn/USN-1175-1

bugzilla.redhat.com/show_bug.cgi?id=720612

exchange.xforce.ibmcloud.com/vulnerabilities/68536

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.2

Confidence

High

EPSS

0.021

Percentile

89.1%

JSON

Related for CVE-2011-2692

centos2 prion1 openvas53 nvd1 nessus33 veracode1 ubuntucve1 cert1 redhat3 cvelist1 altlinux3 ubuntu1 securityvulns5 fedora12 debian1 oraclelinux3 gentoo1 ibm1