Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2011-3045

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

Published

2012-03-22T16:55:01.160

Last Modified

2025-06-09T16:15:22.810

Status

Deferred

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

6.4

Weaknesses

Type: Primary
CWE-190
Type: Secondary
CWE-195

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	google	chrome	< 17.0.963.83	Yes
Application	redhat	gluster_storage	2.0	Yes
Application	redhat	storage	2.0	Yes
Application	redhat	storage_for_public_cloud	2.0	Yes
Operating System	debian	debian_linux	6.0	Yes
Operating System	fedoraproject	fedora	15	Yes
Operating System	fedoraproject	fedora	16	Yes
Operating System	fedoraproject	fedora	17	Yes
Operating System	opensuse	opensuse	12.1	Yes
Operating System	redhat	enterprise_linux	5.0	Yes
Operating System	redhat	enterprise_linux	6.0	Yes
Operating System	redhat	enterprise_linux_desktop	5.0	Yes
Operating System	redhat	enterprise_linux_desktop	6.0	Yes
Operating System	redhat	enterprise_linux_server_aus	6.2	Yes
Operating System	redhat	enterprise_linux_server_eus	6.2	Yes
Operating System	redhat	enterprise_linux_workstation	5.0	Yes
Operating System	redhat	enterprise_linux_workstation	6.0	Yes
Application	libpng	libpng	< 1.5.10	Yes

References

http://code.google.com/p/chromium/issues/detail?id=116162 Vendor Advisory ([email protected])
http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html Release Notes, Vendor Advisory ([email protected])
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html Mailing List, Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html Mailing List, Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html Mailing List, Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html Mailing List, Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html Mailing List, Third Party Advisory ([email protected])
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html Mailing List, Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2012-0407.html Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2012-0488.html Third Party Advisory ([email protected])
http://secunia.com/advisories/48320 Not Applicable ([email protected])
http://secunia.com/advisories/48485 Not Applicable ([email protected])
http://secunia.com/advisories/48512 Not Applicable ([email protected])
http://secunia.com/advisories/48554 Not Applicable ([email protected])
http://secunia.com/advisories/49660 Not Applicable ([email protected])
http://security.gentoo.org/glsa/glsa-201206-15.xml Third Party Advisory ([email protected])
http://src.chromium.org/viewvc/chrome?view=rev&revision=125311 Patch, Vendor Advisory ([email protected])
http://www.debian.org/security/2012/dsa-2439 Third Party Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDVSA-2012:033 Not Applicable ([email protected])
http://www.securitytracker.com/id?1026823 Third Party Advisory, VDB Entry ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=799000 Issue Tracking, Patch, Third Party Advisory ([email protected])
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763 Third Party Advisory ([email protected])
http://code.google.com/p/chromium/issues/detail?id=116162 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html Release Notes, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2012-0407.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2012-0488.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48320 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48485 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48512 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/48554 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/49660 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://security.gentoo.org/glsa/glsa-201206-15.xml Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://src.chromium.org/viewvc/chrome?view=rev&revision=125311 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2012/dsa-2439 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDVSA-2012:033 Not Applicable (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id?1026823 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=799000 Issue Tracking, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)