Your submission was sent successfully! Close

CVE-2011-3045

Published: 20 March 2012

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

Priority

Medium

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable
(uses system libpng)
maverick Not vulnerable
(uses system libpng)
natty Not vulnerable
(uses system libpng)
oneiric Not vulnerable
(uses system libpng)
precise Not vulnerable
(uses system libpng)
upstream Needs triage

firefox
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Not vulnerable

maverick Ignored
(reached end-of-life)
natty Not vulnerable

oneiric Not vulnerable

precise Not vulnerable

upstream Needs triage

libpng
Launchpad, Ubuntu, Debian
hardy
Released (1.2.15~beta5-3ubuntu0.6)
lucid
Released (1.2.42-1ubuntu2.4)
maverick
Released (1.2.44-1ubuntu0.3)
natty
Released (1.2.44-1ubuntu3.3)
oneiric
Released (1.2.46-3ubuntu1.2)
precise
Released (1.2.46-3ubuntu3)
upstream Needs triage

Patches:
upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b
upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=13f12476543c4ada693b4cb474039d5cf3389ed1 (related)
vendor: https://rhn.redhat.com/errata/RHSA-2012-0407.html
thunderbird
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Not vulnerable

maverick Ignored
(reached end-of-life)
natty Not vulnerable

oneiric Not vulnerable

precise Not vulnerable

upstream Needs triage