CVE-2011-2690 · PublicCVE

Description

Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Affected products

References

VENDOR_ADVISORYhttp://secunia.com/advisories/49660
MISChttp://www.securityfocus.com/bid/48660
VENDOR_ADVISORYhttp://secunia.com/advisories/45046
VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-1175-1
VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2011:151
MISChttp://security.gentoo.org/glsa/glsa-201206-15.xml
VENDOR_ADVISORYhttp://secunia.com/advisories/45461
MISChttp://www.libpng.org/pub/png/libpng.html
MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html
VENDOR_ADVISORYhttp://www.debian.org/security/2011/dsa-2287
MAILING_LISThttp://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
MISChttps://bugzilla.redhat.com/show_bug.cgi?id=720607
VENDOR_ADVISORYhttp://secunia.com/advisories/45405
MISChttp://www.redhat.com/support/errata/RHSA-2011-1105.html
VENDOR_ADVISORYhttp://secunia.com/advisories/45460
MAILING_LISThttp://www.openwall.com/lists/oss-security/2011/07/13/2
VENDOR_ADVISORYhttp://support.apple.com/kb/HT5002
MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/68538
VENDOR_ADVISORYhttp://secunia.com/advisories/45492
MISChttp://www.redhat.com/support/errata/RHSA-2011-1104.html
VENDOR_ADVISORYhttp://secunia.com/advisories/45415