CVE-2011-2692

The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 87%
VendorProductVersion
libpnglibpng
1.0.0 ≤
𝑥
< 1.0.55
libpnglibpng
1.2.0 ≤
𝑥
< 1.2.45
libpnglibpng
1.4.0 ≤
𝑥
< 1.4.8
libpnglibpng
1.5.0 ≤
𝑥
< 1.5.4
debiandebian_linux
5.0
debiandebian_linux
6.0
canonicalubuntu_linux
8.04
canonicalubuntu_linux
10.04
canonicalubuntu_linux
10.10
canonicalubuntu_linux
11.04
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
precise
not-affected
oneiric
Fixed 14.0.835.202~r103287-0ubuntu1
released
natty
Fixed 14.0.835.202~r103287-0ubuntu0.11.04.1
released
maverick
Fixed 14.0.835.202~r103287-0ubuntu0.10.10.1
released
lucid
Fixed 14.0.835.202~r103287-0ubuntu0.10.04.2
released
hardy
dne
firefox
precise
Fixed 8.0~b4+build1-0ubuntu2
released
oneiric
Fixed 8.0+build1-0ubuntu0.11.10.1
released
natty
Fixed 8.0+build1-0ubuntu0.11.04.1
released
maverick
ignored
lucid
Fixed 10.0+build1-0ubuntu0.10.04.2
released
hardy
ignored
libpng
precise
not-affected
oneiric
not-affected
natty
Fixed 1.2.44-1ubuntu3.1
released
maverick
Fixed 1.2.44-1ubuntu0.1
released
lucid
Fixed 1.2.42-1ubuntu2.2
released
hardy
Fixed 1.2.15~beta5-3ubuntu0.4
released
Common Weakness Enumeration
References
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html
http://secunia.com/advisories/45046
http://secunia.com/advisories/45405
http://secunia.com/advisories/45415
http://secunia.com/advisories/45445
http://secunia.com/advisories/45460
http://secunia.com/advisories/45461
http://secunia.com/advisories/45492
http://secunia.com/advisories/49660
http://security.gentoo.org/glsa/glsa-201206-15.xml
http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement
http://support.apple.com/kb/HT5002
http://support.apple.com/kb/HT5281
http://www.debian.org/security/2011/dsa-2287
http://www.kb.cert.org/vuls/id/819894
http://www.libpng.org/pub/png/libpng.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:151
http://www.openwall.com/lists/oss-security/2011/07/13/2
http://www.redhat.com/support/errata/RHSA-2011-1103.html
http://www.redhat.com/support/errata/RHSA-2011-1104.html
http://www.redhat.com/support/errata/RHSA-2011-1105.html
http://www.securityfocus.com/bid/48618
http://www.ubuntu.com/usn/USN-1175-1
https://bugzilla.redhat.com/show_bug.cgi?id=720612
https://exchange.xforce.ibmcloud.com/vulnerabilities/68536
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html
http://secunia.com/advisories/45046
http://secunia.com/advisories/45405
http://secunia.com/advisories/45415
http://secunia.com/advisories/45445
http://secunia.com/advisories/45460
http://secunia.com/advisories/45461
http://secunia.com/advisories/45492
http://secunia.com/advisories/49660
http://security.gentoo.org/glsa/glsa-201206-15.xml
http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement
http://support.apple.com/kb/HT5002
http://support.apple.com/kb/HT5281
http://www.debian.org/security/2011/dsa-2287
http://www.kb.cert.org/vuls/id/819894
http://www.libpng.org/pub/png/libpng.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:151
http://www.openwall.com/lists/oss-security/2011/07/13/2
http://www.redhat.com/support/errata/RHSA-2011-1103.html
http://www.redhat.com/support/errata/RHSA-2011-1104.html
http://www.redhat.com/support/errata/RHSA-2011-1105.html
http://www.securityfocus.com/bid/48618
http://www.ubuntu.com/usn/USN-1175-1
https://bugzilla.redhat.com/show_bug.cgi?id=720612
https://exchange.xforce.ibmcloud.com/vulnerabilities/68536