CVE-2011-2692

The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
Affected Products (NVD)
VendorProductVersion
libpnglibpng
1.0.0 ≤
𝑥
< 1.0.55
libpnglibpng
1.2.0 ≤
𝑥
< 1.2.45
libpnglibpng
1.4.0 ≤
𝑥
< 1.4.8
libpnglibpng
1.5.0 ≤
𝑥
< 1.5.4
debiandebian_linux
5.0
debiandebian_linux
6.0
canonicalubuntu_linux
8.04
canonicalubuntu_linux
10.04
canonicalubuntu_linux
10.10
canonicalubuntu_linux
11.04
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
hardy
dne
lucid
Fixed 14.0.835.202~r103287-0ubuntu0.10.04.2
released
maverick
Fixed 14.0.835.202~r103287-0ubuntu0.10.10.1
released
natty
Fixed 14.0.835.202~r103287-0ubuntu0.11.04.1
released
oneiric
Fixed 14.0.835.202~r103287-0ubuntu1
released
precise
not-affected
firefox
hardy
ignored
lucid
Fixed 10.0+build1-0ubuntu0.10.04.2
released
maverick
ignored
natty
Fixed 8.0+build1-0ubuntu0.11.04.1
released
oneiric
Fixed 8.0+build1-0ubuntu0.11.10.1
released
precise
Fixed 8.0~b4+build1-0ubuntu2
released
libpng
hardy
Fixed 1.2.15~beta5-3ubuntu0.4
released
lucid
Fixed 1.2.42-1ubuntu2.2
released
maverick
Fixed 1.2.44-1ubuntu0.1
released
natty
Fixed 1.2.44-1ubuntu3.1
released
oneiric
not-affected
precise
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpng15-15
suse enterprise sap 12 SP5
1.5.22-9.1
fixed
suse enterprise server 12 SP3
1.5.22-9.1
fixed
suse enterprise server 12 SP4
1.5.22-9.1
fixed
suse enterprise server 12 SP5
1.5.22-9.1
fixed
libpng16-16
suse enterprise sap 12 SP5
1.6.8-14.1
fixed
suse enterprise server 12 SP3
1.6.8-14.1
fixed
suse enterprise server 12 SP4
1.6.8-14.1
fixed
suse enterprise server 12 SP5
1.6.8-14.1
fixed
libpng16-16-32bit
suse enterprise sap 12 SP5
1.6.8-14.1
fixed
suse enterprise server 12 SP3
1.6.8-14.1
fixed
suse enterprise server 12 SP4
1.6.8-14.1
fixed
suse enterprise server 12 SP5
1.6.8-14.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libpng
RHEL 6
2:1.2.46-1.el6_1
fixed
libpng-devel
RHEL 6
2:1.2.46-1.el6_1
fixed
libpng-static
RHEL 6
2:1.2.46-1.el6_1
fixed
Common Weakness Enumeration
References
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html
http://secunia.com/advisories/45046
http://secunia.com/advisories/45405
http://secunia.com/advisories/45415
http://secunia.com/advisories/45445
http://secunia.com/advisories/45460
http://secunia.com/advisories/45461
http://secunia.com/advisories/45492
http://secunia.com/advisories/49660
http://security.gentoo.org/glsa/glsa-201206-15.xml
http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement
http://support.apple.com/kb/HT5002
http://support.apple.com/kb/HT5281
http://www.debian.org/security/2011/dsa-2287
http://www.kb.cert.org/vuls/id/819894
http://www.libpng.org/pub/png/libpng.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:151
http://www.openwall.com/lists/oss-security/2011/07/13/2
http://www.redhat.com/support/errata/RHSA-2011-1103.html
http://www.redhat.com/support/errata/RHSA-2011-1104.html
http://www.redhat.com/support/errata/RHSA-2011-1105.html
http://www.securityfocus.com/bid/48618
http://www.ubuntu.com/usn/USN-1175-1
https://bugzilla.redhat.com/show_bug.cgi?id=720612
https://exchange.xforce.ibmcloud.com/vulnerabilities/68536
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html
http://secunia.com/advisories/45046
http://secunia.com/advisories/45405
http://secunia.com/advisories/45415
http://secunia.com/advisories/45445
http://secunia.com/advisories/45460
http://secunia.com/advisories/45461
http://secunia.com/advisories/45492
http://secunia.com/advisories/49660
http://security.gentoo.org/glsa/glsa-201206-15.xml
http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement
http://support.apple.com/kb/HT5002
http://support.apple.com/kb/HT5281
http://www.debian.org/security/2011/dsa-2287
http://www.kb.cert.org/vuls/id/819894
http://www.libpng.org/pub/png/libpng.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:151
http://www.openwall.com/lists/oss-security/2011/07/13/2
http://www.redhat.com/support/errata/RHSA-2011-1103.html
http://www.redhat.com/support/errata/RHSA-2011-1104.html
http://www.redhat.com/support/errata/RHSA-2011-1105.html
http://www.securityfocus.com/bid/48618
http://www.ubuntu.com/usn/USN-1175-1
https://bugzilla.redhat.com/show_bug.cgi?id=720612
https://exchange.xforce.ibmcloud.com/vulnerabilities/68536