Lucene search

[email protected]CVE-2011-3328

HistoryJan 17, 2012 - 7:55 p.m.

CVE-2011-3328

2012-01-1719:55:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2011-3328

libpng

pngrutil.c

color-correction

denial of service

divide-by-zero error

application crash

6.3 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.04 Low

EPSS

Percentile

92.0%

JSON

The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value.

CPENameOperatorVersion
greg_roelofs:libpnggreg roelofs libpngeq1.5.4

CPE	Name	Operator	Version
greg_roelofs:libpng	greg roelofs libpng	eq	1.5.4

References

libpng.org/pub/png/libpng.html

lists.apple.com/archives/security-announce/2012/Feb/msg00000.html

lists.apple.com/archives/security-announce/2012/May/msg00001.html

lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

sourceforge.net/tracker/index.php?func=detail&aid=3406145&group_id=5624&atid=105624

support.apple.com/kb/HT5130

support.apple.com/kb/HT5281

support.apple.com/kb/HT5503

www.kb.cert.org/vuls/id/477046

bugzilla.redhat.com/show_bug.cgi?id=740864

6.3 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.04 Low

EPSS

Percentile

92.0%

JSON

Related for CVE-2011-3328

prion1 ubuntucve1 veracode1 securityvulns7 nessus5 openvas4