8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
libpng is vulnerable to denial of service. An uninitialized memory read issue was found in the way libpng processed certain PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash.
libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
lists.apple.com/archives/security-announce/2012/May/msg00001.html
lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html
secunia.com/advisories/45046
secunia.com/advisories/45405
secunia.com/advisories/45415
secunia.com/advisories/45445
secunia.com/advisories/45460
secunia.com/advisories/45461
secunia.com/advisories/45492
secunia.com/advisories/49660
security.gentoo.org/glsa/glsa-201206-15.xml
sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement
support.apple.com/kb/HT5002
support.apple.com/kb/HT5281
www.debian.org/security/2011/dsa-2287
www.kb.cert.org/vuls/id/819894
www.libpng.org/pub/png/libpng.html
www.mandriva.com/security/advisories?name=MDVSA-2011:151
www.openwall.com/lists/oss-security/2011/07/13/2
www.redhat.com/support/errata/RHSA-2011-1103.html
www.redhat.com/support/errata/RHSA-2011-1104.html
www.redhat.com/support/errata/RHSA-2011-1105.html
www.securityfocus.com/bid/48618
www.ubuntu.com/usn/USN-1175-1
access.redhat.com/errata/RHSA-2011:1105
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=720612
exchange.xforce.ibmcloud.com/vulnerabilities/68536
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P