CVE-2011-3045
Publication date 20 March 2012
Last updated 24 July 2024
Ubuntu priority
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.
Status
Package | Ubuntu Release | Status |
---|---|---|
chromium-browser | 12.04 LTS precise |
Not affected
|
11.10 oneiric |
Not affected
|
|
11.04 natty |
Not affected
|
|
10.10 maverick |
Not affected
|
|
10.04 LTS lucid |
Not affected
|
|
8.04 LTS hardy | Not in release | |
firefox | 12.04 LTS precise |
Not affected
|
11.10 oneiric |
Not affected
|
|
11.04 natty |
Not affected
|
|
10.10 maverick | Ignored end of life | |
10.04 LTS lucid |
Not affected
|
|
8.04 LTS hardy | Ignored end of life | |
libpng | 12.04 LTS precise |
Fixed 1.2.46-3ubuntu3
|
11.10 oneiric |
Fixed 1.2.46-3ubuntu1.2
|
|
11.04 natty |
Fixed 1.2.44-1ubuntu3.3
|
|
10.10 maverick |
Fixed 1.2.44-1ubuntu0.3
|
|
10.04 LTS lucid |
Fixed 1.2.42-1ubuntu2.4
|
|
8.04 LTS hardy |
Fixed 1.2.15~beta5-3ubuntu0.6
|
|
thunderbird | 12.04 LTS precise |
Not affected
|
11.10 oneiric |
Not affected
|
|
11.04 natty |
Not affected
|
|
10.10 maverick | Ignored end of life | |
10.04 LTS lucid |
Not affected
|
|
8.04 LTS hardy | Ignored end of life |
Notes
Patch details
References
Related Ubuntu Security Notices (USN)
- USN-1402-1
- libpng vulnerability
- 22 March 2012