History: Jan 18, 2011 - 6:03 p.m.

CVE-2011-0408

2011-01-18 18:03:08
CWE-119
web.nvd.nist.gov
cve-2011-0408
libpng
buffer overflow
remote code execution
denial of service
nvd

CVSS2: 6.8 Medium
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
CVSS2 vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score: 8.3 High (Confidence: High)
EPSS: 0.255 Low (Percentile: 96.7%)

pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD
Node: libpng libpng, Match: 1.5.0

CPE             Name     Operator   Version
libpng:libpng   libpng   eq         1.5.0
