CVE-2011-3045

Summary

CVE	CVE-2011-3045
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2012-03-22 16:55:00 UTC
Updated	2023-11-07 02:08:00 UTC
Description	Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

Risk And Classification

Problem Types: CWE-190

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	6.0	All	All	All
Operating System	Debian	Debian Linux	6.0	All	All	All
Operating System	Fedoraproject	Fedora	15	All	All	All
Operating System	Fedoraproject	Fedora	16	All	All	All
Operating System	Fedoraproject	Fedora	17	All	All	All
Operating System	Fedoraproject	Fedora	15	All	All	All
Operating System	Fedoraproject	Fedora	16	All	All	All
Operating System	Fedoraproject	Fedora	17	All	All	All
Application	Google	Chrome	All	All	All	All
Application	Google	Chrome	All	All	All	All
Application	Libpng	Libpng	All	All	All	All
Application	Libpng	Libpng	All	All	All	All
Operating System	Opensuse	Opensuse	12.1	All	All	All
Operating System	Opensuse	Opensuse	12.1	All	All	All
Operating System	Redhat	Enterprise Linux	5.0	All	All	All
Operating System	Redhat	Enterprise Linux	6.0	All	All	All
Operating System	Redhat	Enterprise Linux	5.0	All	All	All
Operating System	Redhat	Enterprise Linux	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	5.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	5.0	All	All	All
Operating System	Redhat	Enterprise Linux Desktop	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	6.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Aus	6.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	6.2	All	All	All
Operating System	Redhat	Enterprise Linux Server Eus	6.2	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	5.0	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	6.0	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	5.0	All	All	All
Operating System	Redhat	Enterprise Linux Workstation	6.0	All	All	All
Application	Redhat	Gluster Storage	2.0	All	All	All
Application	Redhat	Gluster Storage	2.0	All	All	All
Application	Redhat	Storage	2.0	All	All	All
Application	Redhat	Storage	2.0	All	All	All
Application	Redhat	Storage For Public Cloud	2.0	All	All	All
Application	Redhat	Storage For Public Cloud	2.0	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 17 Update: libpng-1.5.9-1.fc17	FEDORA	lists.fedoraproject.org	Mailing List, Third Party Advisory
openSUSE-SU-2012:0432-1: moderate: update for libpng12, libpng14	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
Repository / Oval Repository	OVAL	oval.cisecurity.org	Third Party Advisory
Chrome Releases: Stable Channel Update	CONFIRM	googlechromereleases.blogspot.com	Release Notes, Vendor Advisory
Security Alerts - Secunia	SECUNIA	secunia.com	Not Applicable
libpng Memory Error in png_inflate() Lets Remote Users Execute Arbitrary Code - SecurityTracker	SECTRACK	www.securitytracker.com	Third Party Advisory, VDB Entry
Security Alerts - Secunia	SECUNIA	secunia.com	Not Applicable
Security Alerts - Secunia	SECUNIA	secunia.com	Not Applicable
[SECURITY] Fedora 17 Update: libpng10-1.0.58-1.fc17	FEDORA	lists.fedoraproject.org	Mailing List, Third Party Advisory
[SECURITY] Fedora 16 Update: libpng-1.2.48-1.fc16	FEDORA	lists.fedoraproject.org	Mailing List, Third Party Advisory
LIBPNG: PNG reference library / Git tools		libpng.git.sourceforge.net
LIBPNG: PNG reference library / Git tools	CONFIRM	libpng.git.sourceforge.net	Third Party Advisory
Bug 799000 – CVE-2011-3045 libpng: buffer overflow in png_inflate caused by invalid type conversions	CONFIRM	bugzilla.redhat.com	Issue Tracking, Patch, Third Party Advisory
Gentoo Linux Documentation -- libpng: Multiple vulnerabilities	GENTOO	security.gentoo.org	Third Party Advisory
[SECURITY] Fedora 15 Update: libpng-1.2.48-1.fc15	FEDORA	lists.fedoraproject.org	Mailing List, Third Party Advisory
[SECURITY] Fedora 15 Update: libpng10-1.0.58-1.fc15	FEDORA	lists.fedoraproject.org	Mailing List, Third Party Advisory
Issue 116162 - chromium - Heap-buffer-overflow in wk_png_inflate - An open-source project to help move the web forward. - Google Project Hosting	CONFIRM	code.google.com	Vendor Advisory
[security-announce] openSUSE-SU-2012:0466-1: important: update for chrom	SUSE	lists.opensuse.org	Mailing List, Third Party Advisory
Security Alerts - Secunia	SECUNIA	secunia.com	Not Applicable
Red Hat Customer Portal	REDHAT	rhn.redhat.com	Third Party Advisory
About Secunia Research \| Flexera	SECUNIA	secunia.com	Not Applicable
Debian -- Security Information -- DSA-2439-1 libpng	DEBIAN	www.debian.org	Third Party Advisory
www.mandriva.com	MANDRIVA	www.mandriva.com	Not Applicable
access.redhat.com	REDHAT	rhn.redhat.com	Third Party Advisory
[SECURITY] Fedora 16 Update: libpng10-1.0.58-1.fc16	FEDORA	lists.fedoraproject.org	Mailing List, Third Party Advisory
[chrome] Revision 125311	CONFIRM	src.chromium.org	Patch, Vendor Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

There are currently no legacy QID mappings associated with this CVE.