CVE-2011-3048
Published: 31 December 2011
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
Notes
Author | Note |
---|---|
mdeslaur | RH bug says firefox isn't affected. |
Priority
Status
Package | Release | Status |
---|---|---|
chromium-browser | hardy | Does not exist |
chromium-browser | lucid | Not vulnerable (uses system libpng) |
chromium-browser | maverick | Not vulnerable (uses system libpng) |
chromium-browser | natty | Not vulnerable (uses system libpng) |
chromium-browser | oneiric | Not vulnerable (uses system libpng) |
chromium-browser | upstream | Needs triage |
firefox | hardy | Ignored (reached end-of-life) |
firefox | lucid | Not vulnerable |
firefox | maverick | Not vulnerable |
firefox | natty | Not vulnerable |
firefox | oneiric | Not vulnerable |
firefox | upstream | Not vulnerable |
libpng | hardy | Released (1.2.15~beta5-3ubuntu0.7) |
libpng | lucid | Released (1.2.42-1ubuntu2.5) |
libpng | maverick | Released (1.2.44-1ubuntu0.4) |
libpng | natty | Released (1.2.44-1ubuntu3.4) |
libpng | oneiric | Released (1.2.46-3ubuntu1.3) |
libpng | upstream | Released (1.2.49) |
thunderbird | hardy | Ignored (reached end-of-life) |
thunderbird | lucid | Not vulnerable |
thunderbird | maverick | Not vulnerable |
thunderbird | natty | Not vulnerable |
thunderbird | oneiric | Not vulnerable |
thunderbird | upstream | Not vulnerable |

Patches (libpng):
vendor: http://www.debian.org/security/2012/dsa-2446
upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=78322ccdeb994c311f6175fcefdb5761f85722cb#patch24