CVE-2011-3048

The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
libpnglibpng
1.0.0
libpnglibpng
1.0.1
libpnglibpng
1.0.2
libpnglibpng
1.0.3
libpnglibpng
1.0.5
libpnglibpng
1.0.6
libpnglibpng
1.0.7
libpnglibpng
1.0.8
libpnglibpng
1.0.9
libpnglibpng
1.0.10
libpnglibpng
1.0.11
libpnglibpng
1.0.12
libpnglibpng
1.0.13
libpnglibpng
1.0.14
libpnglibpng
1.0.15
libpnglibpng
1.0.16
libpnglibpng
1.0.17
libpnglibpng
1.0.18
libpnglibpng
1.0.19
libpnglibpng
1.0.20
libpnglibpng
1.0.21
libpnglibpng
1.0.22
libpnglibpng
1.0.23
libpnglibpng
1.0.24
libpnglibpng
1.0.25
libpnglibpng
1.0.26
libpnglibpng
1.0.27
libpnglibpng
1.0.28
libpnglibpng
1.0.29
libpnglibpng
1.0.30
libpnglibpng
1.0.31
libpnglibpng
1.0.32
libpnglibpng
1.0.33
libpnglibpng
1.0.34
libpnglibpng
1.0.35
libpnglibpng
1.0.37
libpnglibpng
1.0.38
libpnglibpng
1.0.39
libpnglibpng
1.0.40
libpnglibpng
1.0.41
libpnglibpng
1.0.42
libpnglibpng
1.0.43
libpnglibpng
1.0.44
libpnglibpng
1.0.45
libpnglibpng
1.0.46
libpnglibpng
1.0.47
libpnglibpng
1.0.48
libpnglibpng
1.0.50
libpnglibpng
1.0.51
libpnglibpng
1.0.52
libpnglibpng
1.0.53
libpnglibpng
1.0.54
libpnglibpng
1.0.55
libpnglibpng
1.0.55:rc01
libpnglibpng
1.0.56
libpnglibpng
1.0.56:devel
libpnglibpng
1.0.57
libpnglibpng
1.0.57:rc01
libpnglibpng
1.0.58
libpnglibpng
1.2.0
libpnglibpng
1.2.1
libpnglibpng
1.2.2
libpnglibpng
1.2.3
libpnglibpng
1.2.4
libpnglibpng
1.2.5
libpnglibpng
1.2.6
libpnglibpng
1.2.7
libpnglibpng
1.2.8
libpnglibpng
1.2.9
libpnglibpng
1.2.10
libpnglibpng
1.2.11
libpnglibpng
1.2.12
libpnglibpng
1.2.13
libpnglibpng
1.2.14
libpnglibpng
1.2.15
libpnglibpng
1.2.16
libpnglibpng
1.2.17
libpnglibpng
1.2.18
libpnglibpng
1.2.19
libpnglibpng
1.2.20
libpnglibpng
1.2.21
libpnglibpng
1.2.22
libpnglibpng
1.2.23
libpnglibpng
1.2.24
libpnglibpng
1.2.25
libpnglibpng
1.2.26
libpnglibpng
1.2.27
libpnglibpng
1.2.28
libpnglibpng
1.2.29
libpnglibpng
1.2.30
libpnglibpng
1.2.31
libpnglibpng
1.2.32
libpnglibpng
1.2.33
libpnglibpng
1.2.34
libpnglibpng
1.2.35
libpnglibpng
1.2.36
libpnglibpng
1.2.37
libpnglibpng
1.2.38
libpnglibpng
1.2.39
libpnglibpng
1.2.40
libpnglibpng
1.2.41
libpnglibpng
1.2.42
libpnglibpng
1.2.43
libpnglibpng
1.2.43:devel
libpnglibpng
1.2.44
libpnglibpng
1.2.45
libpnglibpng
1.2.45:devel
libpnglibpng
1.2.46
libpnglibpng
1.2.46:devel
libpnglibpng
1.2.47
libpnglibpng
1.2.47:beta
libpnglibpng
1.2.48
libpnglibpng
1.2.48:betas
libpnglibpng
1.4.0
libpnglibpng
1.4.1
libpnglibpng
1.4.2
libpnglibpng
1.4.3
libpnglibpng
1.4.4
libpnglibpng
1.4.5
libpnglibpng
1.4.6
libpnglibpng
1.4.7
libpnglibpng
1.4.8
libpnglibpng
1.4.9
libpnglibpng
1.4.10
libpnglibpng
1.5.0:beta
libpnglibpng
1.5.1
libpnglibpng
1.5.1:beta
libpnglibpng
1.5.2
libpnglibpng
1.5.2:beta
libpnglibpng
1.5.3:beta
libpnglibpng
1.5.4
libpnglibpng
1.5.4:beta
libpnglibpng
1.5.5
libpnglibpng
1.5.5:beta
libpnglibpng
1.5.6
libpnglibpng
1.5.6:beta
libpnglibpng
1.5.7
libpnglibpng
1.5.7:beta
libpnglibpng
1.5.8
libpnglibpng
1.5.8:beta
libpnglibpng
1.5.9
libpnglibpng
1.5.9:beta
libpnglibpng
1.5.10:beta
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
hardy
dne
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
firefox
hardy
ignored
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
libpng
hardy
Fixed 1.2.15~beta5-3ubuntu0.7
released
lucid
Fixed 1.2.42-1ubuntu2.5
released
maverick
Fixed 1.2.44-1ubuntu0.4
released
natty
Fixed 1.2.44-1ubuntu3.4
released
oneiric
Fixed 1.2.46-3ubuntu1.3
released
thunderbird
hardy
ignored
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libpng12-0
suse enterprise sap 12 SP5
1.2.50-19.1
fixed
suse enterprise server 12 SP3
1.2.50-19.1
fixed
suse enterprise server 12 SP4
1.2.50-19.1
fixed
suse enterprise server 12 SP5
1.2.50-19.1
fixed
libpng12-0-32bit
suse enterprise sap 12 SP5
1.2.50-19.1
fixed
suse enterprise server 12 SP3
1.2.50-19.1
fixed
suse enterprise server 12 SP4
1.2.50-19.1
fixed
suse enterprise server 12 SP5
1.2.50-19.1
fixed
libpng15-15
suse enterprise sap 12 SP5
1.5.22-9.1
fixed
suse enterprise server 12 SP3
1.5.22-9.1
fixed
suse enterprise server 12 SP4
1.5.22-9.1
fixed
suse enterprise server 12 SP5
1.5.22-9.1
fixed
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libpng
RHEL 6
2:1.2.49-1.el6_2
fixed
libpng-devel
RHEL 6
2:1.2.49-1.el6_2
fixed
libpng-static
RHEL 6
2:1.2.49-1.el6_2
fixed
Common Weakness Enumeration
References
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077043.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077472.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html
http://rhn.redhat.com/errata/RHSA-2012-0523.html
http://secunia.com/advisories/48587
http://secunia.com/advisories/48644
http://secunia.com/advisories/48665
http://secunia.com/advisories/48721
http://secunia.com/advisories/48983
http://secunia.com/advisories/49660
http://security.gentoo.org/glsa/glsa-201206-15.xml
http://support.apple.com/kb/HT5501
http://support.apple.com/kb/HT5503
http://ubuntu.com/usn/usn-1417-1
http://www.debian.org/security/2012/dsa-2446
http://www.libpng.org/pub/png/libpng.html
http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2012:046
http://www.osvdb.org/80822
http://www.securityfocus.com/bid/52830
http://www.securitytracker.com/id?1026879
https://exchange.xforce.ibmcloud.com/vulnerabilities/74494
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077043.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077472.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html
http://rhn.redhat.com/errata/RHSA-2012-0523.html
http://secunia.com/advisories/48587
http://secunia.com/advisories/48644
http://secunia.com/advisories/48665
http://secunia.com/advisories/48721
http://secunia.com/advisories/48983
http://secunia.com/advisories/49660
http://security.gentoo.org/glsa/glsa-201206-15.xml
http://support.apple.com/kb/HT5501
http://support.apple.com/kb/HT5503
http://ubuntu.com/usn/usn-1417-1
http://www.debian.org/security/2012/dsa-2446
http://www.libpng.org/pub/png/libpng.html
http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt
http://www.mandriva.com/security/advisories?name=MDVSA-2012:046
http://www.osvdb.org/80822
http://www.securityfocus.com/bid/52830
http://www.securitytracker.com/id?1026879
https://exchange.xforce.ibmcloud.com/vulnerabilities/74494