1. CVE-Search
  2. CVE-2011-3464
ID CVE-2011-3464
Summary Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:libpng:libpng:1.5.0:beta:*:*:*:*:*:*
    cpe:2.3:a:libpng:libpng:1.5.0:beta:*:*:*:*:*:*
  • cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:libpng:libpng:1.5.1:beta:*:*:*:*:*:*
    cpe:2.3:a:libpng:libpng:1.5.1:beta:*:*:*:*:*:*
  • cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:libpng:libpng:1.5.2:beta:*:*:*:*:*:*
    cpe:2.3:a:libpng:libpng:1.5.2:beta:*:*:*:*:*:*
  • cpe:2.3:a:libpng:libpng:1.5.3:beta:*:*:*:*:*:*
    cpe:2.3:a:libpng:libpng:1.5.3:beta:*:*:*:*:*:*
  • cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*
    cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*
  • cpe:2.3:a:libpng:libpng:1.5.4:beta:*:*:*:*:*:*
    cpe:2.3:a:libpng:libpng:1.5.4:beta:*:*:*:*:*:*
  • cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*
    cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*
  • cpe:2.3:a:libpng:libpng:1.5.5:beta:*:*:*:*:*:*
    cpe:2.3:a:libpng:libpng:1.5.5:beta:*:*:*:*:*:*
  • cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*
    cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:libpng:libpng:1.5.6:beta:*:*:*:*:*:*
    cpe:2.3:a:libpng:libpng:1.5.6:beta:*:*:*:*:*:*
  • cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*
    cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*
  • cpe:2.3:a:libpng:libpng:1.5.7:beta:*:*:*:*:*:*
    cpe:2.3:a:libpng:libpng:1.5.7:beta:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 23-07-2012 - 04:00)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
confirm http://www.libpng.org/pub/png/libpng.html
gentoo GLSA-201206-15
secunia
  • 47827
  • 49660
Last major update 23-07-2012 - 04:00
Published 22-07-2012 - 17:55
Last modified 23-07-2012 - 04:00
Back to Top