CVE-2011-2692

HIGH

libpng 1.0.0-1.0.54, 1.2.0-1.2.44, 1.4.0-1.4.7, 1.5.0-1.5.3 - Memory Corruption via Invalid sCAL Chunk Handling

Title source: llm
STIX 2.1

Description

The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.

References (28)

Core 28
Core References
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49660
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1103.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/48618
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45046
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1175-1
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2011:151
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=720612
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201206-15.xml
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45461
Product, Vendor Advisory x_refsource_confirm
http://www.libpng.org/pub/png/libpng.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2011/dsa-2287
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45405
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45445
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1105.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45460
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/07/13/2
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/68536
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT5002
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45492
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT5281
Broken Link vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2011-1104.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/819894
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
Broken Link third-party-advisory x_refsource_secunia
http://secunia.com/advisories/45415

Scores

CVSS v3 8.8
EPSS 0.0423
EPSS Percentile 89.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-119
Status published
Products (8)
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 10.04
canonical/ubuntu_linux 10.10
canonical/ubuntu_linux 11.04
debian/debian_linux 5.0
debian/debian_linux 6.0
fedoraproject/fedora 14
libpng/libpng 1.0.0 - 1.0.55
Published Jul 17, 2011
Tracked Since Feb 18, 2026