8.8

CVE-2011-2692

Exploit
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibpngLibpng Version >= 1.0.0 < 1.0.55
LibpngLibpng Version >= 1.2.0 < 1.2.45
LibpngLibpng Version >= 1.4.0 < 1.4.8
LibpngLibpng Version >= 1.5.0 < 1.5.4
FedoraprojectFedora Version14
DebianDebian Linux Version5.0
DebianDebian Linux Version6.0
CanonicalUbuntu Linux Version8.04
CanonicalUbuntu Linux Version10.04
CanonicalUbuntu Linux Version10.10
CanonicalUbuntu Linux Version11.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.23% 0.897
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://www.libpng.org/pub/png/libpng.html
Vendor Advisory
Product
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Third Party Advisory
Mailing List
http://support.apple.com/kb/HT5002
Third Party Advisory
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
Third Party Advisory
Mailing List
http://support.apple.com/kb/HT5281
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/45046
Broken Link
http://secunia.com/advisories/45405
Broken Link
http://secunia.com/advisories/45415
Broken Link
http://secunia.com/advisories/45460
Broken Link
http://secunia.com/advisories/45492
Broken Link
http://secunia.com/advisories/49660
Broken Link
http://security.gentoo.org/glsa/glsa-201206-15.xml
Third Party Advisory
http://www.debian.org/security/2011/dsa-2287
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:151
Broken Link
http://www.redhat.com/support/errata/RHSA-2011-1105.html
Broken Link
http://www.ubuntu.com/usn/USN-1175-1
Third Party Advisory
http://secunia.com/advisories/45461
Broken Link
http://www.openwall.com/lists/oss-security/2011/07/13/2
Third Party Advisory
Mailing List
http://www.redhat.com/support/errata/RHSA-2011-1104.html
Broken Link
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
http://secunia.com/advisories/45445
Broken Link
http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement
Third Party Advisory
Exploit
Issue Tracking
http://www.kb.cert.org/vuls/id/819894
Third Party Advisory
US Government Resource
http://www.redhat.com/support/errata/RHSA-2011-1103.html
Broken Link
http://www.securityfocus.com/bid/48618
Third Party Advisory
VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=720612
Patch
Third Party Advisory
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/68536
Third Party Advisory
VDB Entry