6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.906 High
EPSS
Percentile
98.5%
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.
A heap-based buffer overflow flaw was found in libpng. An attacker could
create a specially-crafted PNG image that, when opened, could cause an
application using libpng to crash or, possibly, execute arbitrary code with
the privileges of the user running the application. (CVE-2011-3026)
Users of libpng and libpng10 should upgrade to these updated packages,
which contain a backported patch to correct this issue. All running
applications using libpng or libpng10 must be restarted for the update to
take effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | 4 | ia64 | libpng | < 1.2.7-9.el4 | libpng-1.2.7-9.el4.ia64.rpm |
RedHat | 4 | ia64 | libpng-devel | < 1.2.7-9.el4 | libpng-devel-1.2.7-9.el4.ia64.rpm |
RedHat | 5 | s390x | libpng | < 1.2.10-15.el5_7 | libpng-1.2.10-15.el5_7.s390x.rpm |
RedHat | 5 | x86_64 | libpng | < 1.2.10-15.el5_7 | libpng-1.2.10-15.el5_7.x86_64.rpm |
RedHat | 4 | s390x | libpng10-devel | < 1.0.16-10.el4 | libpng10-devel-1.0.16-10.el4.s390x.rpm |
RedHat | 6 | ppc64 | libpng-static | < 1.2.46-2.el6_2 | libpng-static-1.2.46-2.el6_2.ppc64.rpm |
RedHat | 6 | i686 | libpng-static | < 1.2.46-2.el6_2 | libpng-static-1.2.46-2.el6_2.i686.rpm |
RedHat | 5 | ia64 | libpng-devel | < 1.2.10-15.el5_7 | libpng-devel-1.2.10-15.el5_7.ia64.rpm |
RedHat | 4 | ppc64 | libpng | < 1.2.7-9.el4 | libpng-1.2.7-9.el4.ppc64.rpm |
RedHat | 6 | s390 | libpng-devel | < 1.2.46-2.el6_2 | libpng-devel-1.2.46-2.el6_2.s390.rpm |