CVE-2012-3425
libpng < 1.0.58, 1.2.48, 1.4.10, 1.5.10 DoS via Large avail_in Field
Title source: llmDescription
The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.
References (9)
Core 9
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/07/24/3
Product x_refsource_misc
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=73e2ffd6a1471f2144d0ce7165d7323cb109f10f%3Bhb=refs/heads/libpng15
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/07/24/5
Third Party Advisory x_refsource_misc
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082
Product x_refsource_misc
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=2da5a7a8b690e257f94353b5b49d493cdc385322%3Bhb=refs/heads/libpng14
Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html
Product x_refsource_misc
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=284de253b1561b976291ba7405acd71ae71ff597%3Bhb=refs/heads/libpng10
Product x_refsource_misc
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bhb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2815-1
Scores
EPSS
0.0336
EPSS Percentile
87.3%
Details
CWE
CWE-119
Status
published
Products (50)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
15.04
canonical/ubuntu_linux
15.10
debian/debian_linux
6.0
libpng/libpng
1.4.0
libpng/libpng
1.4.1
libpng/libpng
1.4.2
libpng/libpng
1.4.3
libpng/libpng
1.4.4
... and 40 more
Published
Aug 13, 2012
Tracked Since
Feb 18, 2026