Lucene search

K
nvd[email protected]NVD:CVE-2011-2692
HistoryJul 17, 2011 - 8:55 p.m.

CVE-2011-2692

2011-07-1720:55:01
CWE-119
web.nvd.nist.gov
5

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.021

Percentile

89.1%

The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.

Affected configurations

Nvd
Node
libpnglibpngRange1.0.01.0.55
OR
libpnglibpngRange1.2.01.2.45
OR
libpnglibpngRange1.4.01.4.8
OR
libpnglibpngRange1.5.01.5.4
Node
fedoraprojectfedoraMatch14
Node
debiandebian_linuxMatch5.0
OR
debiandebian_linuxMatch6.0
Node
canonicalubuntu_linuxMatch8.04
OR
canonicalubuntu_linuxMatch10.04
OR
canonicalubuntu_linuxMatch10.10
OR
canonicalubuntu_linuxMatch11.04
VendorProductVersionCPE
libpnglibpng*cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
fedoraprojectfedora14cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
debiandebian_linux5.0cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
debiandebian_linux6.0cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
canonicalubuntu_linux8.04cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
canonicalubuntu_linux10.04cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
canonicalubuntu_linux10.10cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
canonicalubuntu_linux11.04cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*

References

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

AI Score

9.1

Confidence

High

EPSS

0.021

Percentile

89.1%