CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
98.5%
Integer signedness error in the png_inflate function in pngrutil.c in
libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and
other products, allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted PNG
file, a different vulnerability than CVE-2011-3026.
Author | Note |
---|---|
jdstrand | firefox and thunderbird 16 are not affected |
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | libpng | < 1.2.15~beta5-3ubuntu0.6 | UNKNOWN |
ubuntu | 10.04 | noarch | libpng | < 1.2.42-1ubuntu2.4 | UNKNOWN |
ubuntu | 10.10 | noarch | libpng | < 1.2.44-1ubuntu0.3 | UNKNOWN |
ubuntu | 11.04 | noarch | libpng | < 1.2.44-1ubuntu3.3 | UNKNOWN |
ubuntu | 11.10 | noarch | libpng | < 1.2.46-3ubuntu1.2 | UNKNOWN |
ubuntu | 12.04 | noarch | libpng | < 1.2.46-3ubuntu3 | UNKNOWN |