Lucene search

K

[email protected]CVE-2011-3048

HistoryMay 29, 2012 - 8:55 p.m.

CVE-2011-3048

2012-05-2920:55:00

CWE-119

[email protected]

web.nvd.nist.gov

48

cve-2011-3048

png_set_text_2

libpng

denial of service

code execution

buffer overflow

nvd

8.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.056 Low

EPSS

Percentile

93.2%

The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.

CPENameOperatorVersion
libpng:libpnglibpngeq1.0.37
libpng:libpnglibpngeq1.0.41
libpng:libpnglibpngeq1.0.46
libpng:libpnglibpngeq1.0.1
libpng:libpnglibpngeq1.0.8
libpng:libpnglibpngeq1.0.55
libpng:libpnglibpngeq1.0.14
libpng:libpnglibpngeq1.0.17
libpng:libpnglibpngeq1.0.35
libpng:libpnglibpngeq1.0.52

Rows per page:

1-10 of 1271

References

lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/077043.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/077472.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html

rhn.redhat.com/errata/RHSA-2012-0523.html

secunia.com/advisories/48587

secunia.com/advisories/48644

secunia.com/advisories/48665

secunia.com/advisories/48721

secunia.com/advisories/48983

secunia.com/advisories/49660

security.gentoo.org/glsa/glsa-201206-15.xml

support.apple.com/kb/HT5501

support.apple.com/kb/HT5503

ubuntu.com/usn/usn-1417-1

www.debian.org/security/2012/dsa-2446

www.libpng.org/pub/png/libpng.html

www.libpng.org/pub/png/src/libpng-1.5.10-README.txt

www.mandriva.com/security/advisories?name=MDVSA-2012:046

www.osvdb.org/80822

www.securityfocus.com/bid/52830

www.securitytracker.com/id?1026879

exchange.xforce.ibmcloud.com/vulnerabilities/74494

8.8 High

AI Score

Confidence

High

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.056 Low

EPSS

Percentile

93.2%

Related for CVE-2011-3048

nessus30 prion1 openvas35 redhat1 ubuntu1 veracode1 fedora6 f52 ubuntucve1 amazon1 centos1 debian1 altlinux1 oraclelinux1 freebsd1 securityvulns7 slackware1 gentoo1 ibm1