Buffer overflow in libpng - CVE-2011-2690
Published: July 17, 2011 / Updated: August 11, 2020
Vulnerability identifier: #VU44882
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2011-2690
CWE-ID: CWE-120
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: libpng
Affected software:
libpng
libpng
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.
How to mitigate CVE-2011-2690
Install update from vendor's website.
Sources
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html
- http://secunia.com/advisories/45046
- http://secunia.com/advisories/45405
- http://secunia.com/advisories/45415
- http://secunia.com/advisories/45460
- http://secunia.com/advisories/45461
- http://secunia.com/advisories/45492
- http://secunia.com/advisories/49660
- http://security.gentoo.org/glsa/glsa-201206-15.xml
- http://support.apple.com/kb/HT5002
- http://www.debian.org/security/2011/dsa-2287
- http://www.libpng.org/pub/png/libpng.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:151
- http://www.openwall.com/lists/oss-security/2011/07/13/2
- http://www.redhat.com/support/errata/RHSA-2011-1104.html
- http://www.redhat.com/support/errata/RHSA-2011-1105.html
- http://www.securityfocus.com/bid/48660
- http://www.ubuntu.com/usn/USN-1175-1
- https://bugzilla.redhat.com/show_bug.cgi?id=720607
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68538