CVE-2011-2501

Published: 17 July 2011

The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.

Priority

Low

CVSS 3 base score: 6.5

Status

Package                                         Release    Status
chromium-browser (Launchpad, Ubuntu, Debian)    Upstream   Needs triage
firefox (Launchpad, Ubuntu, Debian)             Upstream   Needs triage
libpng (Launchpad, Ubuntu, Debian)              Upstream   Released (1.2.44-3)

Patches:
Upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=65e6d5a34f49acdb362a0625a706c6b914e670af