#VU44883 NULL pointer dereference in libpng - CVE-2011-2691

Cybersecurity Help s.r.o.

Published: 2011-07-17 | Updated: 2020-08-11

Vulnerability identifier: #VU44883

Vulnerability risk: Medium

CVSSv4.0: 4.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-2691

CWE-ID: CWE-476

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
libpng
Universal components / Libraries / Libraries used by multiple products

Vendor: libpng

Description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.

Mitigation
Install update from vendor's website.

Vulnerable software versions

libpng: 1.5.0 - 1.5.3

External links
https://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=9dad5e37aef295b4ef8dea39392b652deebc9261
https://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
https://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html
https://marc.info/?l=bugtraq&m=133951357207000&w=2
https://secunia.com/advisories/45046
https://secunia.com/advisories/45405
https://secunia.com/advisories/45492
https://secunia.com/advisories/49660
https://security.gentoo.org/glsa/glsa-201206-15.xml
https://support.apple.com/kb/HT5002
https://www.debian.org/security/2011/dsa-2287
https://www.libpng.org/pub/png/libpng.html
https://www.mandriva.com/security/advisories?name=MDVSA-2011:151
https://www.openwall.com/lists/oss-security/2011/07/13/2
https://www.securityfocus.com/bid/48660
https://bugzilla.redhat.com/show_bug.cgi?id=720608
https://exchange.xforce.ibmcloud.com/vulnerabilities/68537

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler update for syslinux

Gentoo update for libpng

Multiple vulnerabilities in libpng

Fedora EPEL 6 update for libpng10