8.8

CVE-2011-2692

Exploit

The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.

Data is provided by the National Vulnerability Database (NVD)
LibpngLibpng Version >= 1.0.0 < 1.0.55
LibpngLibpng Version >= 1.2.0 < 1.2.45
LibpngLibpng Version >= 1.4.0 < 1.4.8
LibpngLibpng Version >= 1.5.0 < 1.5.4
FedoraprojectFedora Version14
DebianDebian Linux Version5.0
DebianDebian Linux Version6.0
CanonicalUbuntu Linux Version8.04
CanonicalUbuntu Linux Version10.04
CanonicalUbuntu Linux Version10.10
CanonicalUbuntu Linux Version11.04
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 7.1% 0.911
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.kb.cert.org/vuls/id/819894
Third Party Advisory
US Government Resource
http://www.securityfocus.com/bid/48618
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=720612
Patch
Third Party Advisory
Issue Tracking