CVE-2011-2690

Priority
Medium
Description
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x
before 1.4.8, and 1.5.x before 1.5.4, when used by an application that
calls the png_rgb_to_gray function but not the png_set_expand function,
allows remote attackers to overwrite memory with an arbitrary amount of
data, and possibly have unspecified other impact, via a crafted PNG image.
References
Bugs
Notes
 jdstrand> firefox 3.6.23 has 1.2.35 and 7.0.1 has 1.4.7
 micahg> per https://bugzilla.mozilla.org/show_bug.cgi?id=669863#c2 Firefox 7+
  isn't vulnerable
Assigned-to
mdeslaur
Package
Upstream:released (1.2.45)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1.2.46-3ubuntu1)
Patches:
Upstream:http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=d572394c2a018ef22e9685ac189f5f05c08ea6f5
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (14.0.835.202~r103287-0ubuntu1)
Package
Upstream:not-affected (7.0.1)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (8.0~b4+build1-0ubuntu2)
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:39:48 UTC (commit 9756)