8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
79.3%
The PNG library libpng has been affected by several vulnerabilities. The most
critical one is the identified as
CVE-2011-2690. Using this vulnerability, an attacker is able to overwrite
memory with an arbitrary amount of data controlled by her via a crafted PNG
image.
The other vulnerabilities are less critical and allow an attacker to
cause a crash in the program (denial of service) via a crafted PNG
image.
For the oldstable distribution (lenny), this problem has been fixed in
version 1.2.27-2+lenny5. Due to a technical limitation in the Debian
archive processing scripts, the updated packages cannot be released
in parallel with the packages for Squeeze. They will appear shortly.
For the stable distribution (squeeze), this problem has been fixed in
version 1.2.44-1+squeeze1.
For the unstable distribution (sid), this problem has been fixed in
version 1.2.46-1.
We recommend that you upgrade your libpng packages.
CPE | Name | Operator | Version |
---|---|---|---|
libpng | eq | 1.2.27-2 | |
libpng | eq | 1.2.27-2+lenny2 | |
libpng | eq | 1.2.27-2+lenny3 | |
libpng | eq | 1.2.27-2+lenny4 |
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.008 Low
EPSS
Percentile
79.3%