CVE-2011-3045

Published: 20 March 2012

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

Notes

Author	Note
jdstrand	firefox and thunderbird 16 are not affected

Priority

Status

Package	Release	Status
chromium-browser Launchpad, Ubuntu, Debian	hardy	Does not exist
	lucid	Not vulnerable (uses system libpng)
	maverick	Not vulnerable (uses system libpng)
	natty	Not vulnerable (uses system libpng)
	oneiric	Not vulnerable (uses system libpng)
	precise	Not vulnerable (uses system libpng)
	upstream	Needs triage
firefox Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Not vulnerable
	maverick	Ignored (end of life)
	natty	Not vulnerable
	oneiric	Not vulnerable
	precise	Not vulnerable
	upstream	Needs triage
libpng Launchpad, Ubuntu, Debian	hardy	Released (1.2.15~beta5-3ubuntu0.6)
	lucid	Released (1.2.42-1ubuntu2.4)
	maverick	Released (1.2.44-1ubuntu0.3)
	natty	Released (1.2.44-1ubuntu3.3)
	oneiric	Released (1.2.46-3ubuntu1.2)
	precise	Released (1.2.46-3ubuntu3)
	upstream	Needs triage
	Patches: upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=13f12476543c4ada693b4cb474039d5cf3389ed1 vendor: https://rhn.redhat.com/errata/RHSA-2012-0407.html
thunderbird Launchpad, Ubuntu, Debian	hardy	Ignored (end of life)
	lucid	Not vulnerable
	maverick	Ignored (end of life)
	natty	Not vulnerable
	oneiric	Not vulnerable
	precise	Not vulnerable
	upstream	Needs triage

References

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›