Lucene search
Ubuntu.comUB:CVE-2012-3425HistoryAug 13, 2012 - 12:00 a.m.
CVE-2012-3425
2012-08-1300:00:00
ubuntu.com
ubuntu.com
11
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.039 Low
EPSS
Percentile
91.9%
The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before
1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10
allows remote attackers to cause a denial of service (out-of-bounds read)
via a large avail_in field value in a PNG image.
Bugs
Notes
| Author | Note |
|---|---|
| tyhicks | Per Debian BTS, upstream removed the vulnerable function (png_push_read_zTXt) in 1.2.48. |
| jdstrand | firefox and thunderbird are not affected |
Related
nessus
nessus
SuSE 11.1 Security Update : libpng (SAT Patch Number 6596)
2013-01-25 00:00:00
openSUSE Security Update : libpng14 (openSUSE-SU-2012:0934-1)
2014-06-13 00:00:00
SuSE 10 Security Update : libpng (ZYPP Patch Number 8234)
2012-08-15 00:00:00
cve
cve
CVE-2012-3425
2012-08-13 20:55:00
prion
prion
Out-of-bounds
2012-08-13 20:55:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2012:0989-1)
2021-06-09 00:00:00
Ubuntu: Security Advisory (USN-2815-1)
2015-11-20 00:00:00
Debian: Security Advisory (DLA-343-1)
2023-03-08 00:00:00
debian
debian
[SECURITY] [DLA 343-1] libpng security update
2015-11-17 21:28:08
[SECURITY] [DLA 375-1] libpng security update
2015-12-27 21:02:26
osv
osv
libpng - security update
2015-11-17 00:00:00
libpng - security update
2015-12-27 00:00:00
ubuntu
ubuntu
libpng vulnerabilities
2015-11-19 00:00:00
ibm
ibm
Security Bulletin: Gdal vulnerabilities affect IBM Netezza Analytics for NPS
2022-06-03 14:32:29
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
0.039 Low
EPSS
Percentile
91.9%
Related for UB:CVE-2012-3425