ID CVE-2011-3048
Summary The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
References
Vulnerable Configurations
  • libpng 1.0.0
    cpe:2.3:a:libpng:libpng:1.0.0
  • libpng 1.0.1
    cpe:2.3:a:libpng:libpng:1.0.1
  • libpng 1.0.2
    cpe:2.3:a:libpng:libpng:1.0.2
  • libpng 1.0.3
    cpe:2.3:a:libpng:libpng:1.0.3
  • libpng 1.0.5
    cpe:2.3:a:libpng:libpng:1.0.5
  • libpng 1.0.6
    cpe:2.3:a:libpng:libpng:1.0.6
  • libpng 1.0.7
    cpe:2.3:a:libpng:libpng:1.0.7
  • libpng 1.0.8
    cpe:2.3:a:libpng:libpng:1.0.8
  • libpng 1.0.9
    cpe:2.3:a:libpng:libpng:1.0.9
  • libpng 1.0.10
    cpe:2.3:a:libpng:libpng:1.0.10
  • libpng 1.0.11
    cpe:2.3:a:libpng:libpng:1.0.11
  • libpng 1.0.12
    cpe:2.3:a:libpng:libpng:1.0.12
  • libpng 1.0.13
    cpe:2.3:a:libpng:libpng:1.0.13
  • libpng 1.0.14
    cpe:2.3:a:libpng:libpng:1.0.14
  • libpng 1.0.15
    cpe:2.3:a:libpng:libpng:1.0.15
  • libpng 1.0.16
    cpe:2.3:a:libpng:libpng:1.0.16
  • libpng 1.0.17
    cpe:2.3:a:libpng:libpng:1.0.17
  • libpng 1.0.18
    cpe:2.3:a:libpng:libpng:1.0.18
  • libpng 1.0.19
    cpe:2.3:a:libpng:libpng:1.0.19
  • libpng 1.0.20
    cpe:2.3:a:libpng:libpng:1.0.20
  • libpng 1.0.21
    cpe:2.3:a:libpng:libpng:1.0.21
  • libpng 1.0.22
    cpe:2.3:a:libpng:libpng:1.0.22
  • libpng 1.0.23
    cpe:2.3:a:libpng:libpng:1.0.23
  • libpng 1.0.24
    cpe:2.3:a:libpng:libpng:1.0.24
  • libpng 1.0.25
    cpe:2.3:a:libpng:libpng:1.0.25
  • libpng 1.0.26
    cpe:2.3:a:libpng:libpng:1.0.26
  • libpng 1.0.27
    cpe:2.3:a:libpng:libpng:1.0.27
  • libpng 1.0.28
    cpe:2.3:a:libpng:libpng:1.0.28
  • libpng 1.0.29
    cpe:2.3:a:libpng:libpng:1.0.29
  • libpng 1.0.30
    cpe:2.3:a:libpng:libpng:1.0.30
  • libpng 1.0.31
    cpe:2.3:a:libpng:libpng:1.0.31
  • libpng 1.0.32
    cpe:2.3:a:libpng:libpng:1.0.32
  • libpng 1.0.33
    cpe:2.3:a:libpng:libpng:1.0.33
  • libpng 1.0.34
    cpe:2.3:a:libpng:libpng:1.0.34
  • libpng 1.0.35
    cpe:2.3:a:libpng:libpng:1.0.35
  • libpng 1.0.37
    cpe:2.3:a:libpng:libpng:1.0.37
  • libpng 1.0.38
    cpe:2.3:a:libpng:libpng:1.0.38
  • libpng 1.0.39
    cpe:2.3:a:libpng:libpng:1.0.39
  • libpng 1.0.40
    cpe:2.3:a:libpng:libpng:1.0.40
  • libpng 1.0.41
    cpe:2.3:a:libpng:libpng:1.0.41
  • libpng 1.0.42
    cpe:2.3:a:libpng:libpng:1.0.42
  • libpng 1.0.43
    cpe:2.3:a:libpng:libpng:1.0.43
  • libpng 1.0.44
    cpe:2.3:a:libpng:libpng:1.0.44
  • libpng 1.0.45
    cpe:2.3:a:libpng:libpng:1.0.45
  • libpng 1.0.46
    cpe:2.3:a:libpng:libpng:1.0.46
  • libpng 1.0.47
    cpe:2.3:a:libpng:libpng:1.0.47
  • libpng 1.0.48
    cpe:2.3:a:libpng:libpng:1.0.48
  • libpng 1.0.50
    cpe:2.3:a:libpng:libpng:1.0.50
  • libpng 1.0.51
    cpe:2.3:a:libpng:libpng:1.0.51
  • libpng 1.0.52
    cpe:2.3:a:libpng:libpng:1.0.52
  • libpng 1.0.53
    cpe:2.3:a:libpng:libpng:1.0.53
  • libpng 1.0.54
    cpe:2.3:a:libpng:libpng:1.0.54
  • libpng 1.0.55
    cpe:2.3:a:libpng:libpng:1.0.55
  • libpng 1.0.55 release candidate 01
    cpe:2.3:a:libpng:libpng:1.0.55:rc01
  • libpng 1.0.56
    cpe:2.3:a:libpng:libpng:1.0.56
  • libpng 1.0.56 devel
    cpe:2.3:a:libpng:libpng:1.0.56:devel
  • libpng 1.0.57
    cpe:2.3:a:libpng:libpng:1.0.57
  • libpng 1.0.57 release candidate 01
    cpe:2.3:a:libpng:libpng:1.0.57:rc01
  • libpng 1.0.58
    cpe:2.3:a:libpng:libpng:1.0.58
  • libpng 1.2.0
    cpe:2.3:a:libpng:libpng:1.2.0
  • libpng 1.2.1
    cpe:2.3:a:libpng:libpng:1.2.1
  • libpng 1.2.2
    cpe:2.3:a:libpng:libpng:1.2.2
  • libpng 1.2.3
    cpe:2.3:a:libpng:libpng:1.2.3
  • libpng 1.2.4
    cpe:2.3:a:libpng:libpng:1.2.4
  • libpng 1.2.5
    cpe:2.3:a:libpng:libpng:1.2.5
  • libpng 1.2.6
    cpe:2.3:a:libpng:libpng:1.2.6
  • libpng 1.2.7
    cpe:2.3:a:libpng:libpng:1.2.7
  • libpng 1.2.8
    cpe:2.3:a:libpng:libpng:1.2.8
  • libpng 1.2.9
    cpe:2.3:a:libpng:libpng:1.2.9
  • libpng 1.2.10
    cpe:2.3:a:libpng:libpng:1.2.10
  • libpng 1.2.11
    cpe:2.3:a:libpng:libpng:1.2.11
  • libpng 1.2.12
    cpe:2.3:a:libpng:libpng:1.2.12
  • libpng 1.2.13
    cpe:2.3:a:libpng:libpng:1.2.13
  • libpng 1.2.14
    cpe:2.3:a:libpng:libpng:1.2.14
  • libpng 1.2.15
    cpe:2.3:a:libpng:libpng:1.2.15
  • libpng 1.2.16
    cpe:2.3:a:libpng:libpng:1.2.16
  • libpng 1.2.17
    cpe:2.3:a:libpng:libpng:1.2.17
  • libpng 1.2.18
    cpe:2.3:a:libpng:libpng:1.2.18
  • libpng 1.2.19
    cpe:2.3:a:libpng:libpng:1.2.19
  • libpng 1.2.20
    cpe:2.3:a:libpng:libpng:1.2.20
  • libpng 1.2.21
    cpe:2.3:a:libpng:libpng:1.2.21
  • libpng 1.2.22
    cpe:2.3:a:libpng:libpng:1.2.22
  • libpng 1.2.23
    cpe:2.3:a:libpng:libpng:1.2.23
  • libpng 1.2.24
    cpe:2.3:a:libpng:libpng:1.2.24
  • libpng 1.2.25
    cpe:2.3:a:libpng:libpng:1.2.25
  • libpng 1.2.26
    cpe:2.3:a:libpng:libpng:1.2.26
  • libpng 1.2.27
    cpe:2.3:a:libpng:libpng:1.2.27
  • libpng 1.2.28
    cpe:2.3:a:libpng:libpng:1.2.28
  • libpng 1.2.29
    cpe:2.3:a:libpng:libpng:1.2.29
  • libpng 1.2.30
    cpe:2.3:a:libpng:libpng:1.2.30
  • libpng 1.2.31
    cpe:2.3:a:libpng:libpng:1.2.31
  • libpng 1.2.32
    cpe:2.3:a:libpng:libpng:1.2.32
  • libpng 1.2.33
    cpe:2.3:a:libpng:libpng:1.2.33
  • libpng 1.2.34
    cpe:2.3:a:libpng:libpng:1.2.34
  • libpng 1.2.35
    cpe:2.3:a:libpng:libpng:1.2.35
  • libpng 1.2.36
    cpe:2.3:a:libpng:libpng:1.2.36
  • libpng 1.2.37
    cpe:2.3:a:libpng:libpng:1.2.37
  • libpng 1.2.38
    cpe:2.3:a:libpng:libpng:1.2.38
  • libpng 1.2.39
    cpe:2.3:a:libpng:libpng:1.2.39
  • libpng 1.2.40
    cpe:2.3:a:libpng:libpng:1.2.40
  • libpng 1.2.41
    cpe:2.3:a:libpng:libpng:1.2.41
  • libpng 1.2.42
    cpe:2.3:a:libpng:libpng:1.2.42
  • libpng 1.2.43
    cpe:2.3:a:libpng:libpng:1.2.43
  • libpng 1.2.43 devel
    cpe:2.3:a:libpng:libpng:1.2.43:devel
  • libpng 1.2.44
    cpe:2.3:a:libpng:libpng:1.2.44
  • libpng 1.2.45
    cpe:2.3:a:libpng:libpng:1.2.45
  • libpng 1.2.45 devel
    cpe:2.3:a:libpng:libpng:1.2.45:devel
  • libpng 1.2.46
    cpe:2.3:a:libpng:libpng:1.2.46
  • libpng 1.2.46 devel
    cpe:2.3:a:libpng:libpng:1.2.46:devel
  • libpng 1.2.47
    cpe:2.3:a:libpng:libpng:1.2.47
  • libpng 1.2.47 beta
    cpe:2.3:a:libpng:libpng:1.2.47:beta
  • libpng 1.2.48
    cpe:2.3:a:libpng:libpng:1.2.48
  • libpng 1.2.48 betas
    cpe:2.3:a:libpng:libpng:1.2.48:betas
  • libpng 1.4.0
    cpe:2.3:a:libpng:libpng:1.4.0
  • libpng 1.4.1
    cpe:2.3:a:libpng:libpng:1.4.1
  • libpng 1.4.2
    cpe:2.3:a:libpng:libpng:1.4.2
  • libpng 1.4.3
    cpe:2.3:a:libpng:libpng:1.4.3
  • libpng 1.4.4
    cpe:2.3:a:libpng:libpng:1.4.4
  • libpng 1.4.5
    cpe:2.3:a:libpng:libpng:1.4.5
  • libpng 1.4.6
    cpe:2.3:a:libpng:libpng:1.4.6
  • libpng 1.4.7
    cpe:2.3:a:libpng:libpng:1.4.7
  • libpng 1.4.8
    cpe:2.3:a:libpng:libpng:1.4.8
  • libpng 1.4.9
    cpe:2.3:a:libpng:libpng:1.4.9
  • libpng 1.4.10
    cpe:2.3:a:libpng:libpng:1.4.10
  • libpng 1.5.0 beta
    cpe:2.3:a:libpng:libpng:1.5.0:beta
  • libpng 1.5.1
    cpe:2.3:a:libpng:libpng:1.5.1
  • libpng 1.5.1 beta
    cpe:2.3:a:libpng:libpng:1.5.1:beta
  • libpng 1.5.2
    cpe:2.3:a:libpng:libpng:1.5.2
  • libpng 1.5.2 beta
    cpe:2.3:a:libpng:libpng:1.5.2:beta
  • libpng 1.5.3 beta
    cpe:2.3:a:libpng:libpng:1.5.3:beta
  • libpng 1.5.4
    cpe:2.3:a:libpng:libpng:1.5.4
  • libpng 1.5.4 beta
    cpe:2.3:a:libpng:libpng:1.5.4:beta
  • libpng 1.5.5
    cpe:2.3:a:libpng:libpng:1.5.5
  • libpng 1.5.5 beta
    cpe:2.3:a:libpng:libpng:1.5.5:beta
  • libpng 1.5.6
    cpe:2.3:a:libpng:libpng:1.5.6
  • libpng 1.5.6 beta
    cpe:2.3:a:libpng:libpng:1.5.6:beta
  • libpng 1.5.7
    cpe:2.3:a:libpng:libpng:1.5.7
  • libpng 1.5.7 beta
    cpe:2.3:a:libpng:libpng:1.5.7:beta
  • libpng 1.5.8
    cpe:2.3:a:libpng:libpng:1.5.8
  • libpng 1.5.8 beta
    cpe:2.3:a:libpng:libpng:1.5.8:beta
  • libpng 1.5.9
    cpe:2.3:a:libpng:libpng:1.5.9
  • libpng 1.5.9 beta
    cpe:2.3:a:libpng:libpng:1.5.9:beta
  • libpng 1.5.10 beta
    cpe:2.3:a:libpng:libpng:1.5.10:beta
CVSS
Base: 6.8 (as of 30-05-2012 - 10:01)
Impact:
Exploitability:
CWE CWE-119
CAPEC
  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirecting execution as the attacker chooses.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow), hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.
  • Overflow Binary Resource File
    An attack of this type exploits a buffer overflow vulnerability in the handling of binary resources. Binary resources may include music files like MP3, image files like JPEG files, and any other binary file. These attacks may pass unnoticed to the client machine through normal usage of files, such as a browser loading a seemingly innocent JPEG file. This can allow the attacker access to the execution stack and execute arbitrary code in the target process. This attack pattern is a variant of standard buffer overflow attacks using an unexpected vector (binary files) to wrap its attack and open up a new attack vector. The attacker is required to either directly serve the binary content to the victim, or place it in a location such as an MP3 sharing application, for the victim to download. The attacker is then notified upon the download or otherwise locates the vulnerability opened up by the buffer overflow.
  • Buffer Overflow via Symbolic Links
    This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
  • Overflow Variables and Tags
    This type of attack leverages the use of tags or variables from formatted configuration data to cause a buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.
  • Buffer Overflow via Parameter Expansion
    In this attack, the target software is given input that the attacker knows will be modified and expanded in size during processing. This attack relies on the target software failing to anticipate that the expanded data may exceed some internal limit, thereby creating a buffer overflow.
  • Buffer Overflow in an API Call
    This attack targets libraries or shared code modules which are vulnerable to buffer overflow attacks. An attacker who has access to an API may try to embed malicious code in the API function call and exploit a buffer overflow vulnerability in the function's implementation. All clients that make use of the code library thus become vulnerable by association. This has a very broad effect on security across a system, usually affecting more than one software process.
  • Buffer Overflow in Local Command-Line Utilities
    This attack targets command-line utilities available in a number of shells. An attacker can leverage a vulnerability found in a command-line utility to escalate privilege to root.
Access
  • Vector: NETWORK
  • Complexity: MEDIUM
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_7_5.NASL
    description The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.5. The newer version contains multiple security-related fixes for the following components : - Apache - BIND - CoreText - Data Security - ImageIO - Installer - International Components for Unicode - Kernel - Mail - PHP - Profile Manager - QuickLook - QuickTime - Ruby - USB
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 62214
    published 2012-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62214
    title Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2012-004.NASL
    description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-004 applied. This update contains multiple security-related fixes for the following components : - Apache - Data Security - DirectoryService - ImageIO - International Components for Unicode - Mail - PHP - QuickLook - QuickTime - Ruby
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 62213
    published 2012-09-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62213
    title Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2012-206-01.NASL
    description New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 60112
    published 2012-07-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60112
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2012-206-01)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20120425_LIBPNG_ON_SL5_X.NASL
    description The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3048) Users of libpng should upgrade to these updated packages, which correct this issue. For Scientific Linux 5, they contain a backported patch. For Scientific Linux 6, they upgrade libpng to version 1.2.49. All running applications using libpng must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 61307
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=61307
    title Scientific Linux Security Update : libpng on SL5.x, SL6.x i386/x86_64
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-2446.NASL
    description It was discovered that incorrect memory handling in the png_set_text2() function of the PNG library could lead to the execution of arbitrary code.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58598
    published 2012-04-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58598
    title Debian DSA-2446-1 : libpng - incorrect memory handling
  • NASL family Gain a shell remotely
    NASL id APPLETV_5_1.NASL
    description According to its banner, the remote Apple TV 2nd generation or later device has a version of iOS that is prior to 5.1. It is, therefore, reportedly affected by several vulnerabilities : - An uninitialized memory access issue in the handling of Sorenson encoded movie files could lead to arbitrary code execution. (CVE-2012-3722) - Following the DNAv4 protocol, the device may broadcast MAC addresses of previously accessed networks when connecting to a Wi-Fi network. (CVE-2012-3725) - A buffer overflow in libtiff's handling of ThunderScan encoded TIFF images could lead to arbitrary code execution. (CVE-2011-1167) - Multiple memory corruption issues in libpng's handling of PNG images could lead to arbitrary code execution. (CVE-2011-3026 / CVE-2011-3048 / CVE-2011-3328) - A double free issue in ImageIO's handling of JPEG images could lead to arbitrary code execution. (CVE-2012-3726) - An integer overflow issue in libTIFF's handling of TIFF images could lead to arbitrary code execution. (CVE-2012-1173) - A stack-based buffer overflow in the handling of ICU locale IDs could lead to arbitrary code execution. (CVE-2011-4599) - Multiple vulnerabilities in libxml could have a variety of impacts, including arbitrary code execution. (CVE-2011-1944 / CVE-2011-2821 / CVE-2011-2834 / CVE-2011-3919) - Multiple memory corruption issues in JavaScriptCore could lead to arbitrary code execution. (CVE-2012-0682 / CVE-2012-0683 / CVE-2012-3589 / CVE-2012-3590 / CVE-2012-3591 / CVE-2012-3592 / CVE-2012-3678 / CVE-2012-3679)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 62357
    published 2012-09-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62357
    title Apple TV < 5.1 Multiple Vulnerabilities
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS11_LIBPNG_20130313.NASL
    description The remote Solaris system is missing necessary patches to address security updates : - Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation. (CVE-2011-3026) - The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow. (CVE-2011-3048)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 80674
    published 2015-01-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=80674
    title Oracle Solaris Third-Party Patch Update : libpng (multiple_vulnerabilities_in_libpng2)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-5526.NASL
    description Fix minor security issue (CVE-2011-3048) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58715
    published 2012-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58715
    title Fedora 17 : libpng-1.5.10-1.fc17 (2012-5526)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBPNG-DEVEL-120330.NASL
    description The following security issue has been fixed : - specially crafted png files could have caused a memory corruption in libpng's png_set_text_2() function. (CVE-2011-3048)
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 64189
    published 2013-01-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64189
    title SuSE 11.1 Security Update : libpng (SAT Patch Number 6077)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-5515.NASL
    description Fix minor security issue (CVE-2011-3048) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58857
    published 2012-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58857
    title Fedora 15 : libpng-1.2.49-1.fc15 (2012-5515)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-5518.NASL
    description Fix minor security issue (CVE-2011-3048) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58858
    published 2012-04-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58858
    title Fedora 16 : libpng-1.2.49-1.fc16 (2012-5518)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0523.NASL
    description Updated libpng packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3048) Users of libpng should upgrade to these updated packages, which correct this issue. For Red Hat Enterprise Linux 5, they contain a backported patch. For Red Hat Enterprise Linux 6, they upgrade libpng to version 1.2.49. All running applications using libpng must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58882
    published 2012-04-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58882
    title RHEL 5 / 6 : libpng (RHSA-2012:0523)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2012-68.NASL
    description A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3048)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 69675
    published 2013-09-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69675
    title Amazon Linux AMI : libpng (ALAS-2012-68)
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_1_BUILD_911593_REMOTE.NASL
    description The remote VMware ESXi 5.1 host is affected by the following security vulnerabilities : - An input validation error exists in the function 'png_set_text_2' in the libpng library that could allow memory corruption and arbitrary code execution. (CVE-2011-3048) - A privilege escalation vulnerability exists in the Virtual Machine Communication Interface (VMCI). A local attacker can exploit this, via control code, to change allocated memory, resulting in the escalation of privileges. (CVE-2013-1406) - An error exists related to Network File Copy (NFC) handling that could allow denial of service attacks or arbitrary code execution. (CVE-2013-1659)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 70888
    published 2013-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70888
    title ESXi 5.1 < Build 911593 Multiple Vulnerabilities (remote check)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201206-15.NASL
    description The remote host is affected by the vulnerability described in GLSA-201206-15 (libpng: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in libpng: The “embedded_profile_len()” function in pngwutil.c does not check for negative values, resulting in a memory leak (CVE-2009-5063). The “png_format_buffer()” function in pngerror.c contains an off-by-one error (CVE-2011-2501). The “png_rgb_to_gray()” function in pngrtran.c contains an integer overflow error (CVE-2011-2690). The “png_err()” function in pngerror.c contains a NULL pointer dereference error (CVE-2011-2691). The “png_handle_sCAL()” function in pngrutil.c improperly handles malformed sCAL chunks (CVE-2011-2692). The “png_decompress_chunk()” function in pngrutil.c contains an integer overflow error (CVE-2011-3026). The “png_inflate()” function in pngrutil.c contains an out-of-bounds error (CVE-2011-3045). The “png_set_text_2()” function in pngset.c contains an error which could result in memory corruption (CVE-2011-3048). The “png_formatted_warning()” function in pngerror.c contains an off-by-one error (CVE-2011-3464). Impact : An attacker could exploit these vulnerabilities to execute arbitrary code with the permissions of the user running the vulnerable program, which could be the root user, or to cause programs linked against the library to crash. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 59668
    published 2012-06-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59668
    title GLSA-201206-15 : libpng: Multiple vulnerabilities
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL15881.NASL
    description The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 79604
    published 2014-11-28
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79604
    title F5 Networks BIG-IP : Libpng vulnerability (SOL15881)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1417-1.NASL
    description It was discovered that libpng incorrectly handled certain memory operations. If a user or automated system using libpng were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or execute code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 58617
    published 2012-04-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58617
    title Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : libpng vulnerability (USN-1417-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0523.NASL
    description Updated libpng packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3048) Users of libpng should upgrade to these updated packages, which correct this issue. For Red Hat Enterprise Linux 5, they contain a backported patch. For Red Hat Enterprise Linux 6, they upgrade libpng to version 1.2.49. All running applications using libpng must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58879
    published 2012-04-26
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58879
    title CentOS 5 / 6 : libpng (CESA-2012:0523)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2012-046.NASL
    description A potential memory corruption has been found and corrected in libpng (CVE-2011-3048). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 58558
    published 2012-04-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58558
    title Mandriva Linux Security Advisory : libpng (MDVSA-2012:046)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-4902.NASL
    description This update includes a fix for a potential memory corruption issue (CVE-2011-3048). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58705
    published 2012-04-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58705
    title Fedora 17 : libpng10-1.0.59-1.fc17 (2012-4902)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBPNG-8043.NASL
    description The following security issue has been fixed : - specially crafted png files could have caused a memory corruption in libpng's png_set_text_2() function. (CVE-2011-3048)
    last seen 2019-02-21
    modified 2012-06-15
    plugin id 59494
    published 2012-06-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=59494
    title SuSE 10 Security Update : libpng (ZYPP Patch Number 8043)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_262B92FE81C811E18899001EC9578670.NASL
    description The PNG project reports : libpng fails to correctly handle malloc() failures for text chunks (in png_set_text_2()), which can lead to memory corruption and the possibility of remote code execution.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 58640
    published 2012-04-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58640
    title FreeBSD : png -- memory corruption/possible remote code execution (262b92fe-81c8-11e1-8899-001ec9578670)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2012-217.NASL
    description Specially crafted png files could cause a memory corruption in libpng's png_set_text_2()
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 74594
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=74594
    title openSUSE Security Update : libpng (openSUSE-SU-2012:0491-1)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0523.NASL
    description From Red Hat Security Advisory 2012:0523 : Updated libpng packages that fix one security issue are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A heap-based buffer overflow flaw was found in the way libpng processed tEXt chunks in PNG image files. An attacker could create a specially crafted PNG image file that, when opened, could cause an application using libpng to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2011-3048) Users of libpng should upgrade to these updated packages, which correct this issue. For Red Hat Enterprise Linux 5, they contain a backported patch. For Red Hat Enterprise Linux 6, they upgrade libpng to version 1.2.49. All running applications using libpng must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68520
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68520
    title Oracle Linux 5 / 6 : libpng (ELSA-2012-0523)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-5080.NASL
    description This update includes a fix for a potential memory corruption issue (CVE-2011-3048). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58637
    published 2012-04-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58637
    title Fedora 16 : libpng10-1.0.59-1.fc16 (2012-5080)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2012-5079.NASL
    description This update includes a fix for a potential memory corruption issue (CVE-2011-3048). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-20
    plugin id 58636
    published 2012-04-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58636
    title Fedora 15 : libpng10-1.0.59-1.fc15 (2012-5079)
  • NASL family Misc.
    NASL id VMWARE_ESXI_5_0_BUILD_912577_REMOTE.NASL
    description The remote VMware ESXi 5.0 host is affected by multiple vulnerabilities:
      - An integer overflow condition exists in the __tzfile_read() function in the glibc library. An unauthenticated, remote attacker can exploit this, via a crafted timezone (TZ) file, to cause a denial of service or the execution of arbitrary code. (CVE-2009-5029)
      - ldd in the glibc library is affected by a privilege escalation vulnerability due to the omission of certain LD_TRACE_LOADED_OBJECTS checks in a crafted executable file. Note that this vulnerability is disputed by the library vendor. (CVE-2009-5064)
      - A remote code execution vulnerability exists in the glibc library due to an integer signedness error in the elf_get_dynamic_info() function when the '--verify' option is used. A remote attacker can exploit this by using a crafted ELF program with a negative value for a certain d_tag structure member in the ELF header. (CVE-2010-0830)
      - A flaw exists in OpenSSL due to a failure to properly prevent modification of the ciphersuite in the session cache when SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG is enabled. A remote attacker can exploit this to force a downgrade to an unintended cipher by intercepting the network traffic to discover a session identifier. (CVE-2010-4180)
      - A flaw exists in OpenSSL due to a failure to properly validate the public parameters in the J-PAKE protocol when J-PAKE is enabled. A remote attacker can exploit this, by sending crafted values in each round of the protocol, to bypass the need for knowledge of the shared secret. (CVE-2010-4252)
      - An out-of-bounds memory error exists in OpenSSL that allows a remote attacker to cause a denial of service or possibly obtain sensitive information by using a malformed ClientHello handshake message. This is also known as the 'OCSP stapling vulnerability'. (CVE-2011-0014)
      - A flaw exists in the addmntent() function in the glibc library due to a failure to report the error status for failed attempts to write to the /etc/mtab file. A local attacker can exploit this to corrupt the file by using writes from a process with a small RLIMIT_FSIZE value. (CVE-2011-1089)
      - A flaw exists in the png_set_text_2() function in the file pngset.c in the libpng library due to a failure to properly allocate memory. An unauthenticated, remote attacker can exploit this, via a crafted text chunk in a PNG image file, to trigger a heap-based buffer overflow, resulting in denial of service or the execution of arbitrary code. (CVE-2011-3048)
      - A flaw exists in the DTLS implementation in OpenSSL due to performing a MAC check only if certain padding is valid. A remote attacker can exploit this, via a padding oracle attack, to recover the plaintext. (CVE-2011-4108)
      - A double-free error exists in OpenSSL when the X509_V_FLAG_POLICY_CHECK is enabled. A remote attacker can exploit this by triggering a policy check failure, resulting in an unspecified impact. (CVE-2011-4109)
      - A flaw exists in OpenSSL in the SSL 3.0 implementation due to improper initialization of data structures used for block cipher padding. A remote attacker can exploit this, by decrypting the padding data sent by an SSL peer, to obtain sensitive information. (CVE-2011-4576)
      - A denial of service vulnerability exists in OpenSSL when RFC 3779 support is enabled. A remote attacker can exploit this to cause an assertion failure, by using an X.509 certificate containing certificate extension data associated with IP address blocks or Autonomous System (AS) identifiers. (CVE-2011-4577)
      - A denial of service vulnerability exists in the RPC implementation in the glibc library due to a flaw in the svc_run() function. A remote attacker can exploit this, via a large number of RPC connections, to exhaust CPU resources. (CVE-2011-4609)
      - A denial of service vulnerability exists in the Server Gated Cryptography (SGC) implementation in OpenSSL due to a failure to properly handle handshake restarts. A remote attacker can exploit this, via unspecified vectors, to exhaust CPU resources. (CVE-2011-4619)
      - A denial of service vulnerability exists in OpenSSL due to improper support of DTLS applications. A remote attacker can exploit this, via unspecified vectors related to an out-of-bounds read error. Note that this vulnerability exists because of an incorrect fix for CVE-2011-4108. (CVE-2012-0050)
      - A security bypass vulnerability exists in the glibc library due to an integer overflow condition in the vfprintf() function in file stdio-common/vfprintf.c. An attacker can exploit this, by using a large number of arguments, to bypass the FORTIFY_SOURCE protection mechanism, allowing format string attacks or writing to arbitrary memory. (CVE-2012-0864)
      - A denial of service vulnerability exists in the glibc library in the vfprintf() function in file stdio-common/vfprintf.c due to a failure to properly calculate a buffer length. An attacker can exploit this, via a format string that uses positional parameters and many format specifiers, to bypass the FORTIFY_SOURCE format-string protection mechanism, thus causing stack corruption and a crash. (CVE-2012-3404)
      - A denial of service vulnerability exists in the glibc library in the vfprintf() function in file stdio-common/vfprintf.c due to a failure to properly calculate a buffer length. An attacker can exploit this, via a format string with a large number of format specifiers, to bypass the FORTIFY_SOURCE format-string protection mechanism, thus triggering desynchronization within the buffer size handling, resulting in a segmentation fault and crash. (CVE-2012-3405)
      - A flaw exists in the glibc library in the vfprintf() function in file stdio-common/vfprintf.c due to a failure to properly restrict the use of the alloca() function when allocating the SPECS array. An attacker can exploit this, via a crafted format string using positional parameters and a large number of format specifiers, to bypass the FORTIFY_SOURCE format-string protection mechanism, thus triggering a denial of service or the possible execution of arbitrary code. (CVE-2012-3406)
      - A flaw exists in the glibc library due to multiple integer overflow conditions in the strtod(), strtof(), strtold(), strtod_l(), and other unspecified related functions. A local attacker can exploit these to trigger a stack-based buffer overflow, resulting in an application crash or the possible execution of arbitrary code. (CVE-2012-3480)
      - A privilege escalation vulnerability exists in the Virtual Machine Communication Interface (VMCI) due to a failure by control code to properly restrict memory allocation. A local attacker can exploit this, via unspecified vectors, to gain privileges. (CVE-2013-1406)
      - An error exists in the implementation of the Network File Copy (NFC) protocol. A man-in-the-middle attacker can exploit this, by modifying the client-server data stream, to cause a denial of service or the execution of arbitrary code. (CVE-2013-1659)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 70885
    published 2013-11-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=70885
    title ESXi 5.0 < Build 912577 Multiple Vulnerabilities (remote check)
redhat via4
advisories
bugzilla
id 808139
title CVE-2011-3048 libpng: memory corruption flaw
oval
OR
  • AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment libpng is earlier than 2:1.2.49-1.el6_2
          oval oval:com.redhat.rhsa:tst:20120523005
        • comment libpng is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111105006
      • AND
        • comment libpng-devel is earlier than 2:1.2.49-1.el6_2
          oval oval:com.redhat.rhsa:tst:20120523007
        • comment libpng-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111105010
      • AND
        • comment libpng-static is earlier than 2:1.2.49-1.el6_2
          oval oval:com.redhat.rhsa:tst:20120523009
        • comment libpng-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20111105008
  • AND
    • comment Red Hat Enterprise Linux 5 is installed
      oval oval:com.redhat.rhsa:tst:20070055001
    • OR
      • AND
        • comment libpng is earlier than 2:1.2.10-17.el5_8
          oval oval:com.redhat.rhsa:tst:20120523012
        • comment libpng is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070356017
      • AND
        • comment libpng-devel is earlier than 2:1.2.10-17.el5_8
          oval oval:com.redhat.rhsa:tst:20120523014
        • comment libpng-devel is signed with Red Hat redhatrelease key
          oval oval:com.redhat.rhsa:tst:20070356019
rhsa
id RHSA-2012:0523
released 2012-04-25
severity Moderate
title RHSA-2012:0523: libpng security update (Moderate)
rpms
  • libpng-2:1.2.49-1.el6_2
  • libpng-devel-2:1.2.49-1.el6_2
  • libpng-static-2:1.2.49-1.el6_2
  • libpng-2:1.2.10-17.el5_8
  • libpng-devel-2:1.2.10-17.el5_8
refmap via4
apple
  • APPLE-SA-2012-09-19-1
  • APPLE-SA-2012-09-19-2
bid 52830
confirm
debian DSA-2446
fedora
  • FEDORA-2012-4902
  • FEDORA-2012-5079
  • FEDORA-2012-5080
  • FEDORA-2012-5515
  • FEDORA-2012-5518
  • FEDORA-2012-5526
gentoo GLSA-201206-15
mandriva MDVSA-2012:046
osvdb 80822
sectrack 1026879
secunia
  • 48587
  • 48644
  • 48665
  • 48721
  • 48983
  • 49660
ubuntu USN-1417-1
xf libpng-pngsettext2-code-execution(74494)
Last major update 21-09-2012 - 23:24
Published 29-05-2012 - 16:55
Last modified 28-12-2017 - 21:29