CVE-2011-2690

Priority
Medium
Description
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x
before 1.4.8, and 1.5.x before 1.5.4, when used by an application that
calls the png_rgb_to_gray function but not the png_set_expand function,
allows remote attackers to overwrite memory with an arbitrary amount of
data, and possibly have unspecified other impact, via a crafted PNG image.
References
Bugs
Notes
jdstrand> firefox 3.6.23 has 1.2.35 and 7.0.1 has 1.4.7
micahg> per https://bugzilla.mozilla.org/show_bug.cgi?id=669863#c2 Firefox 7+
isn't vulnerable
Assigned-to
mdeslaur
Package
Upstream: released (1.2.45)
Ubuntu 8.04 LTS (Hardy Heron): released (1.2.15~beta5-3ubuntu0.4)
Ubuntu 10.04 LTS (Lucid Lynx): released (1.2.42-1ubuntu2.2)
Ubuntu 11.04 (Natty Narwhal): released (1.2.44-1ubuntu3.1)
Ubuntu 11.10 (Oneiric Ocelot): not-affected (1.2.46-3ubuntu1)
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (1.2.46-3ubuntu1)
Patches:
Upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=d572394c2a018ef22e9685ac189f5f05c08ea6f5
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): released (14.0.835.202~r103287-0ubuntu0.10.04.2)
Ubuntu 11.04 (Natty Narwhal): released (14.0.835.202~r103287-0ubuntu0.11.04.1)
Ubuntu 11.10 (Oneiric Ocelot): released (14.0.835.202~r103287-0ubuntu1)
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (14.0.835.202~r103287-0ubuntu1)
Package
Upstream: not-affected (7.0.1)
Ubuntu 8.04 LTS (Hardy Heron): ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx): not-affected (3.6.23+build1+nobinonly-0ubuntu0.10.04.1)
Ubuntu 11.04 (Natty Narwhal): not-affected (7.0.1+build1+nobinonly-0ubuntu0.11.04.1)
Ubuntu 11.10 (Oneiric Ocelot): not-affected (7.0.1+build1+nobinonly-0ubuntu2)
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (8.0~b4+build1-0ubuntu2)
More Information


Updated: 2012-06-01 15:22:14 UTC (commit 5347)