CVE-2011-3026

Published: 16 February 2012

Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.

Notes

Author: jdstrand
Note: https://ubuntu.com/security/notices/USN-1400-3 had the fix for thunderbird but it wasn't included

Priority

Medium

Status

Package Release Status
chromium-browser
  hardy: Does not exist
  lucid: Not vulnerable (uses system libpng)
  maverick: Not vulnerable (uses system libpng)
  natty: Not vulnerable (uses system libpng)
  oneiric: Not vulnerable (uses system libpng)
  upstream: Released (17.0.963.56)

firefox
  hardy: Ignored (reached end-of-life)
  lucid: Released (10.0.2+build1-0ubuntu0.10.04.1)
  maverick: Released (10.0.2+build1-0ubuntu0.10.10.1)
  natty: Released (10.0.2+build1-0ubuntu0.11.04.1)
  oneiric: Released (10.0.2+build1-0ubuntu0.11.10.1)
  upstream: Released (10.0.2)

libpng
  hardy: Released (1.2.15~beta5-3ubuntu0.5)
  lucid: Released (1.2.42-1ubuntu2.3)
  maverick: Released (1.2.44-1ubuntu0.2)
  natty: Released (1.2.44-1ubuntu3.2)
  oneiric: Released (1.2.46-3ubuntu1.1)
  upstream: Released (1.2.46-5)
  Patches:
    other: http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/libpng/pngrutil.c?view=patch&r1=121492&r2=121491&pathrev=121492
    vendor: http://www.debian.org/security/2012/dsa-2410

thunderbird
  hardy: Ignored (reached end-of-life)
  lucid: Released (3.1.19+build1+nobinonly-0ubuntu0.10.04.1)
  maverick: Released (3.1.19+build1+nobinonly-0ubuntu0.10.10.1)
  natty: Released (3.1.19+build1+nobinonly-0ubuntu0.11.04.1)
  oneiric: Released (11.0+build1-0ubuntu0.11.10.1)
  upstream: Released (3.1.19, 10.0.2)

xulrunner-1.9.2
  hardy: Ignored (reached end-of-life)
  lucid: Released (1.9.2.27+build1+nobinonly-0ubuntu0.10.04.1)
  maverick: Released (1.9.2.27+build1+nobinonly-0ubuntu0.10.10.1)
  natty: Released (1.9.2.27+build1+nobinonly-0ubuntu0.11.04.1)
  oneiric: Does not exist
  upstream: Needs triage