Lucene search

[email protected]CVE-2011-3045

HistoryMar 22, 2012 - 4:55 p.m.

CVE-2011-3045

2012-03-2216:55:01

CWE-190

[email protected]

web.nvd.nist.gov

138

cve-2011-3045

libpng

integer signedness error

pngrutil.c

remote attackers

denial of service

arbitrary code

png file

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

High

0.832 High

EPSS

Percentile

98.5%

JSON

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

Affected configurations

NVD

Node

googlechromeRange<17.0.963.83

Node

redhatgluster_storageMatch2.0

redhatstorageMatch2.0

redhatstorage_for_public_cloudMatch2.0

debiandebian_linuxMatch6.0

fedoraprojectfedoraMatch15

fedoraprojectfedoraMatch16

fedoraprojectfedoraMatch17

opensuseopensuseMatch12.1

redhatenterprise_linuxMatch5.0

redhatenterprise_linuxMatch6.0

redhatenterprise_linux_desktopMatch5.0

redhatenterprise_linux_desktopMatch6.0

redhatenterprise_linux_server_ausMatch6.2

redhatenterprise_linux_server_eusMatch6.2

redhatenterprise_linux_workstationMatch5.0

redhatenterprise_linux_workstationMatch6.0

Node

libpnglibpngRange<1.5.10

CPENameOperatorVersion
google:chromegoogle chromelt17.0.963.83

CPE	Name	Operator	Version
google:chrome	google chrome	lt	17.0.963.83

References

code.google.com/p/chromium/issues/detail?id=116162

googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html

libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b

lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html

lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html

lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html

lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html

lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html

lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html

lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html

lists.opensuse.org/opensuse-updates/2012-03/msg00051.html

rhn.redhat.com/errata/RHSA-2012-0407.html

rhn.redhat.com/errata/RHSA-2012-0488.html

secunia.com/advisories/48320

secunia.com/advisories/48485

secunia.com/advisories/48512

secunia.com/advisories/48554

secunia.com/advisories/49660

security.gentoo.org/glsa/glsa-201206-15.xml

src.chromium.org/viewvc/chrome?view=rev&revision=125311

www.debian.org/security/2012/dsa-2439

www.mandriva.com/security/advisories?name=MDVSA-2012:033

www.securitytracker.com/id?1026823

bugzilla.redhat.com/show_bug.cgi?id=799000

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763

Social References

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

High

0.832 High

EPSS

Percentile

98.5%

JSON

CVE-2011-3045

Affected configurations

References

Social References

Related