Lucene search
AmazonALAS-2012-049HistoryMar 04, 2012 - 4:09 p.m.
Important: libpng
2012-03-0416:09:00
alas.aws.amazon.com
26
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.832 High
EPSS
Percentile
98.4%
Issue Overview:
A heap-based buffer overflow flaw was found in libpng. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3026)
Affected Packages:
libpng
Issue Correction:
Run yum update libpng to update your system.
New Packages:
i686:
libpng-static-1.2.46-2.10.amzn1.i686
libpng-debuginfo-1.2.46-2.10.amzn1.i686
libpng-1.2.46-2.10.amzn1.i686
libpng-devel-1.2.46-2.10.amzn1.i686
src:
libpng-1.2.46-2.10.amzn1.src
x86_64:
libpng-static-1.2.46-2.10.amzn1.x86_64
libpng-1.2.46-2.10.amzn1.x86_64
libpng-devel-1.2.46-2.10.amzn1.x86_64
libpng-debuginfo-1.2.46-2.10.amzn1.x86_64
Additional References
Red Hat: CVE-2011-3026
Mitre: CVE-2011-3026
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Amazon Linux | 1 | i686 | libpng-static | < 1.2.46-2.10.amzn1 | libpng-static-1.2.46-2.10.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | libpng-debuginfo | < 1.2.46-2.10.amzn1 | libpng-debuginfo-1.2.46-2.10.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | libpng | < 1.2.46-2.10.amzn1 | libpng-1.2.46-2.10.amzn1.i686.rpm |
| Amazon Linux | 1 | i686 | libpng-devel | < 1.2.46-2.10.amzn1 | libpng-devel-1.2.46-2.10.amzn1.i686.rpm |
| Amazon Linux | 1 | x86_64 | libpng-static | < 1.2.46-2.10.amzn1 | libpng-static-1.2.46-2.10.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | libpng | < 1.2.46-2.10.amzn1 | libpng-1.2.46-2.10.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | libpng-devel | < 1.2.46-2.10.amzn1 | libpng-devel-1.2.46-2.10.amzn1.x86_64.rpm |
| Amazon Linux | 1 | x86_64 | libpng-debuginfo | < 1.2.46-2.10.amzn1 | libpng-debuginfo-1.2.46-2.10.amzn1.x86_64.rpm |
Related
openvas
openvas
Ubuntu Update for xulrunner-1.9.2 USN-1367-4
2012-02-21 00:00:00
SuSE Update for libpng12 openSUSE-SU-2012:0316-1 (libpng12)
2012-08-02 00:00:00
RedHat Update for xulrunner RHSA-2012:0143-01
2012-02-21 00:00:00
nessus
nessus
RHEL 4 : seamonkey (RHSA-2012:0141)
2012-02-17 00:00:00
CentOS 4 : firefox (CESA-2012:0142)
2012-02-17 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: libpng10-1.0.57-1.fc16
2012-02-28 10:04:32
[SECURITY] Fedora 16 Update: xulrunner-10.0.1-3.fc16
2012-02-19 23:17:56
[SECURITY] Fedora 16 Update: thunderbird-11.0.1-1.fc16
2012-03-31 03:13:41
oraclelinux
oraclelinux
libpng security update
2012-02-20 00:00:00
xulrunner security update
2012-02-16 00:00:00
firefox security update
2012-02-16 00:00:00
veracode
veracode
Denial Of Service (DoS)
2018-11-27 06:57:22
redhat
redhat
(RHSA-2012:0140) Critical: thunderbird security update
2012-02-16 00:00:00
(RHSA-2012:0317) Important: libpng security update
2012-02-20 00:00:00
(RHSA-2012:0143) Critical: xulrunner security update
2012-02-16 00:00:00
ubuntu
ubuntu
Xulrunner vulnerability
2012-02-17 00:00:00
Firefox vulnerability
2012-02-17 00:00:00
Thunderbird vulnerability
2012-02-17 00:00:00
ubuntucve
ubuntucve
CVE-2011-3026
2012-02-16 00:00:00
CVE-2011-3045
2012-03-20 00:00:00
suse
suse
Security update for libpng (important)
2012-02-28 22:37:10
mozilla-xulrunner192: 1.9.2.27 (important)
2012-02-24 16:08:11
libpng12: Fixed a heap based buffer overflow (important)
2012-02-28 22:36:59
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2012-11
2012-02-22 00:00:00
centos
centos
libpng, libpng10 security update
2012-02-20 21:59:45
firefox security update
2012-02-17 01:39:20
thunderbird security update
2012-02-17 02:53:21
altlinux
altlinux
Security fix for the ALT Linux 6 package libpng version 1.2.47-alt1
2012-02-20 00:00:00
cert
cert
libpng chunk decompression integer overflow vulnerability
2012-02-23 00:00:00
debian
debian
[SECURITY] [DSA 2410-1] libpng security update
2012-02-15 20:44:25
checkpoint_advisories
checkpoint_advisories
libpng png_decompress_chunk Integer Overflow (CVE-2011-3026)
2012-05-14 00:00:00
libpng png_decompress_chunk Integer Overflow - ver 2 (CVE-2011-3026)
2012-05-10 00:00:00
threatpost
threatpost
Mozilla to Fix Libpng Bug in Firefox and Thunderbird
2012-02-17 18:43:07
cve
cve
CVE-2011-3026
2012-02-16 20:55:00
CVE-2011-3045
2012-03-22 16:55:00
prion
prion
Integer overflow
2012-02-16 20:55:00
Integer overflow
2012-03-22 16:55:00
freebsd
freebsd
mozilla -- heap-buffer overflow
2012-02-16 00:00:00
ImageMagick and GraphicsMagick -- DoS via specially crafted PNG file
2012-07-28 00:00:00
mozilla
mozilla
libpng integer overflow — Mozilla
2012-02-16 00:00:00
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.832 High
EPSS
Percentile
98.4%
Related for ALAS-2012-049