Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2011-3026

Published: 16 February 2012

Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.

Notes

AuthorNote
jdstrand 
https://ubuntu.com/security/notices/USN-1400-3 had the fix for thunderbird
but it wasn't included

Priority

Medium

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian 		hardy Does not exist

lucid Not vulnerable
(uses system libpng)
maverick Not vulnerable
(uses system libpng)
natty Not vulnerable
(uses system libpng)
oneiric Not vulnerable
(uses system libpng)
upstream
Released (17.0.963.56)
firefox
Launchpad, Ubuntu, Debian 		hardy Ignored
(reached end-of-life)
lucid
Released (10.0.2+build1-0ubuntu0.10.04.1)
maverick
Released (10.0.2+build1-0ubuntu0.10.10.1)
natty
Released (10.0.2+build1-0ubuntu0.11.04.1)
oneiric
Released (10.0.2+build1-0ubuntu0.11.10.1)
upstream
Released (10.0.2)
libpng
Launchpad, Ubuntu, Debian 		hardy
Released (1.2.15~beta5-3ubuntu0.5)
lucid
Released (1.2.42-1ubuntu2.3)
maverick
Released (1.2.44-1ubuntu0.2)
natty
Released (1.2.44-1ubuntu3.2)
oneiric
Released (1.2.46-3ubuntu1.1)
upstream
Released (1.2.46-5)
Patches:
other: http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/libpng/pngrutil.c?view=patch&r1=121492&r2=121491&pathrev=121492
vendor: http://www.debian.org/security/2012/dsa-2410
thunderbird
Launchpad, Ubuntu, Debian 		hardy Ignored
(reached end-of-life)
lucid
Released (3.1.19+build1+nobinonly-0ubuntu0.10.04.1)
maverick
Released (3.1.19+build1+nobinonly-0ubuntu0.10.10.1)
natty
Released (3.1.19+build1+nobinonly-0ubuntu0.11.04.1)
oneiric
Released (11.0+build1-0ubuntu0.11.10.1)
upstream
Released (3.1.19, 10.0.2)
xulrunner-1.9.2
Launchpad, Ubuntu, Debian 		hardy Ignored
(reached end-of-life)
lucid
Released (1.9.2.27+build1+nobinonly-0ubuntu0.10.04.1)
maverick
Released (1.9.2.27+build1+nobinonly-0ubuntu0.10.10.1)
natty
Released (1.9.2.27+build1+nobinonly-0ubuntu0.11.04.1)
oneiric Does not exist

upstream Needs triage

References

Bugs

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›

Further reading