Home > Vulnerability Database > CVE-2011-2692

Mend.io Vulnerability Database

CVE-2011-2692

Date: July 17, 2011

The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.

Language: C

Severity Score

8.8

Related Resources (32)

Url: http://www.libpng.org/pub/png/libpng.html

Url: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339

Url: http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html

Url: http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

Url: http://www.openwall.com/lists/oss-security/2011/07/13/2

Url: http://www.redhat.com/support/errata/RHSA-2011-1105.html

Url: http://www.kb.cert.org/vuls/id/819894

Url: http://secunia.com/advisories/45046

Url: http://www.mandriva.com/security/advisories?name=MDVSA-2011:151

Url: http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

Url: http://secunia.com/advisories/45461

Url: http://secunia.com/advisories/45460

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2011-2692

Url: http://www.redhat.com/support/errata/RHSA-2011-1104.html

Url: http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement

Url: http://secunia.com/advisories/45405

Url: http://www.ubuntu.com/usn/USN-1175-1

Url: http://secunia.com/advisories/45445

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/68536

Url: http://security.gentoo.org/glsa/glsa-201206-15.xml

Url: http://support.apple.com/kb/HT5281

Url: https://bugzilla.redhat.com/show_bug.cgi?id=720612

Url: http://www.redhat.com/support/errata/RHSA-2011-1103.html

Url: http://secunia.com/advisories/49660

Url: http://www.securityfocus.com/bid/48618

Url: https://nvd.nist.gov/vuln/detail/CVE-2011-2692

Url: http://support.apple.com/kb/HT5002

Url: http://secunia.com/advisories/45492

Url: https://access.redhat.com/security/cve/CVE-2011-2692

Url: http://secunia.com/advisories/45415

Url: http://www.debian.org/security/2011/dsa-2287

Url: https://www.mend.io/vulnerability-database/CVE-2011-2692

Severity Score

8.8

Weakness Type (CWE)

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-119

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2011-2692

Date: July 17, 2011

Language: C

Severity Score

Related Resources (32)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?