CVE-2011-3026

2012-02-1600:00:00

ubuntu.com

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.832 High

EPSS

Percentile

98.4%

JSON

Integer overflow in libpng, as used in Google Chrome before 17.0.963.56,
allows remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors that trigger an integer
truncation.

Bugs

Notes

Author	Note
jdstrand	https://ubuntu.com/security/notices/USN-1400-3 had the fix for thunderbird but it wasn’t included

OSVersionArchitecturePackageVersionFilename
ubuntu10.04noarchfirefox< 10.0.2+build1-0ubuntu0.10.04.1UNKNOWN
ubuntu10.10noarchfirefox< 10.0.2+build1-0ubuntu0.10.10.1UNKNOWN
ubuntu11.04noarchfirefox< 10.0.2+build1-0ubuntu0.11.04.1UNKNOWN
ubuntu11.10noarchfirefox< 10.0.2+build1-0ubuntu0.11.10.1UNKNOWN
ubuntu8.04noarchlibpng< 1.2.15~beta5-3ubuntu0.5UNKNOWN
ubuntu10.04noarchlibpng< 1.2.42-1ubuntu2.3UNKNOWN
ubuntu10.10noarchlibpng< 1.2.44-1ubuntu0.2UNKNOWN
ubuntu11.04noarchlibpng< 1.2.44-1ubuntu3.2UNKNOWN
ubuntu11.10noarchlibpng< 1.2.46-3ubuntu1.1UNKNOWN
ubuntu10.04noarchthunderbird< 3.1.19+build1+nobinonly-0ubuntu0.10.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.04	noarch	firefox	< 10.0.2+build1-0ubuntu0.10.04.1	UNKNOWN
ubuntu	10.10	noarch	firefox	< 10.0.2+build1-0ubuntu0.10.10.1	UNKNOWN
ubuntu	11.04	noarch	firefox	< 10.0.2+build1-0ubuntu0.11.04.1	UNKNOWN
ubuntu	11.10	noarch	firefox	< 10.0.2+build1-0ubuntu0.11.10.1	UNKNOWN
ubuntu	8.04	noarch	libpng	< 1.2.15~beta5-3ubuntu0.5	UNKNOWN
ubuntu	10.04	noarch	libpng	< 1.2.42-1ubuntu2.3	UNKNOWN
ubuntu	10.10	noarch	libpng	< 1.2.44-1ubuntu0.2	UNKNOWN
ubuntu	11.04	noarch	libpng	< 1.2.44-1ubuntu3.2	UNKNOWN
ubuntu	11.10	noarch	libpng	< 1.2.46-3ubuntu1.1	UNKNOWN
ubuntu	10.04	noarch	thunderbird	< 3.1.19+build1+nobinonly-0ubuntu0.10.04.1	UNKNOWN