CVE-2011-3464

Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
appleCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
libpnglibpng
1.5.0:beta
libpnglibpng
1.5.1
libpnglibpng
1.5.1:beta
libpnglibpng
1.5.2
libpnglibpng
1.5.2:beta
libpnglibpng
1.5.3:beta
libpnglibpng
1.5.4
libpnglibpng
1.5.4:beta
libpnglibpng
1.5.5
libpnglibpng
1.5.5:beta
libpnglibpng
1.5.6
libpnglibpng
1.5.6:beta
libpnglibpng
1.5.7
libpnglibpng
1.5.7:beta
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
precise
not-affected
oneiric
not-affected
natty
not-affected
lucid
not-affected
hardy
dne
firefox
precise
not-affected
oneiric
not-affected
natty
not-affected
lucid
not-affected
hardy
ignored
libpng
precise
not-affected
oneiric
not-affected
natty
not-affected
lucid
not-affected
hardy
not-affected
thunderbird
precise
not-affected
oneiric
not-affected
natty
not-affected
lucid
not-affected
hardy
ignored
Common Weakness Enumeration
References
http://secunia.com/advisories/47827
http://secunia.com/advisories/49660
http://security.gentoo.org/glsa/glsa-201206-15.xml
http://www.libpng.org/pub/png/libpng.html
http://secunia.com/advisories/47827
http://secunia.com/advisories/49660
http://security.gentoo.org/glsa/glsa-201206-15.xml
http://www.libpng.org/pub/png/libpng.html