CVE-2011-2692 Information

Feb 14, 2021 cve

Description

The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55 1.2.x before 1.2.45 1.4.x before 1.4.8 and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339 http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html http://lists.apple.com/archives/security-announce/2012/May/msg00001.html http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html http://secunia.com/advisories/45046 http://secunia.com/advisories/45405 http://secunia.com/advisories/45415 http://secunia.com/advisories/45445 http://secunia.com/advisories/45460 http://secunia.com/advisories/45461 http://secunia.com/advisories/45492 http://secunia.com/advisories/49660 http://security.gentoo.org/glsa/glsa-201206-15.xml http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc279024fb5d6e8024f2184b802440acm.org&forum_name=png-mng-implement http://support.apple.com/kb/HT5002 http://support.apple.com/kb/HT5281 http://www.debian.org/security/2011/dsa-2287 http://www.kb.cert.org/vuls/id/819894 http://www.libpng.org/pub/png/libpng.html http://www.mandriva.com/security/advisories?name=MDVSA-2011:151 http://www.openwall.com/lists/oss-security/2011/07/13/2 http://www.redhat.com/support/errata/RHSA-2011-1103.html http://www.redhat.com/support/errata/RHSA-2011-1104.html http://www.redhat.com/support/errata/RHSA-2011-1105.html http://www.securityfocus.com/bid/48618 http://www.ubuntu.com/usn/USN-1175-1 https://bugzilla.redhat.com/show_bug.cgi?id=720612 https://exchange.xforce.ibmcloud.com/vulnerabilities/68536

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

8.8

Share on: