CVE-2011-2690

Published: 17 July 2011

Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package | Release | Status
chromium-browser (Launchpad, Ubuntu, Debian) | Upstream | Needs triage
firefox (Launchpad, Ubuntu, Debian) | Upstream | Not vulnerable (7.0.1)
libpng (Launchpad, Ubuntu, Debian) | Upstream | Released (1.2.45)

Patches:
Upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=d572394c2a018ef22e9685ac189f5f05c08ea6f5

Notes

Author | Note
jdstrand | firefox 3.6.23 has 1.2.35 and 7.0.1 has 1.4.7
micahg | per https://bugzilla.mozilla.org/show_bug.cgi?id=669863#c2 Firefox 7+ isn't vulnerable
