CVE-2011-3045
Published: 20 March 2012
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
Notes
| Author | Note |
|---|---|
| jdstrand | firefox and thunderbird 16 are not affected |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
chromium-browser Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Not vulnerable
(uses system libpng)
|
|
| maverick |
Not vulnerable
(uses system libpng)
|
|
| natty |
Not vulnerable
(uses system libpng)
|
|
| oneiric |
Not vulnerable
(uses system libpng)
|
|
| precise |
Not vulnerable
(uses system libpng)
|
|
| upstream |
Needs triage
|
|
|
firefox Launchpad, Ubuntu, Debian |
hardy |
Ignored
(reached end-of-life)
|
| lucid |
Not vulnerable
|
|
| maverick |
Ignored
(reached end-of-life)
|
|
| natty |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| precise |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
|
libpng Launchpad, Ubuntu, Debian |
hardy |
Released
(1.2.15~beta5-3ubuntu0.6)
|
| lucid |
Released
(1.2.42-1ubuntu2.4)
|
|
| maverick |
Released
(1.2.44-1ubuntu0.3)
|
|
| natty |
Released
(1.2.44-1ubuntu3.3)
|
|
| oneiric |
Released
(1.2.46-3ubuntu1.2)
|
|
| precise |
Released
(1.2.46-3ubuntu3)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=13f12476543c4ada693b4cb474039d5cf3389ed1 (related) vendor: https://rhn.redhat.com/errata/RHSA-2012-0407.html |
||
|
thunderbird Launchpad, Ubuntu, Debian |
hardy |
Ignored
(reached end-of-life)
|
| lucid |
Not vulnerable
|
|
| maverick |
Ignored
(reached end-of-life)
|
|
| natty |
Not vulnerable
|
|
| oneiric |
Not vulnerable
|
|
| precise |
Not vulnerable
|
|
| upstream |
Needs triage
|
|