CVE-2011-2692

Priority
Low
Description
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55,
1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not
properly handle invalid sCAL chunks, which allows remote attackers to cause
a denial of service (memory corruption and application crash) or possibly
have unspecified other impact via a crafted PNG image that triggers the
reading of uninitialized memory.
References
Bugs
Notes
jdstrand> firefox 3.6.23 has 1.2.35 and 7.0.1 has 1.4.7
micahg> firefox 8 will have 1.4.8
Assigned-to
mdeslaur
Package
Upstream:released (1.2.45)
Ubuntu 8.04 LTS (Hardy Heron):released (1.2.15~beta5-3ubuntu0.4)
Ubuntu 10.04 LTS (Lucid Lynx):released (1.2.42-1ubuntu2.2)
Ubuntu 11.04 (Natty Narwhal):released (1.2.44-1ubuntu3.1)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (1.2.46-3ubuntu1)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (1.2.46-3ubuntu1)
Ubuntu 12.10 (Quantal Quetzal):not-affected (1.2.46-3ubuntu1)
Patches:
Upstream:http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):released (14.0.835.202~r103287-0ubuntu0.10.04.2)
Ubuntu 11.04 (Natty Narwhal):released (14.0.835.202~r103287-0ubuntu0.11.04.1)
Ubuntu 11.10 (Oneiric Ocelot):released (14.0.835.202~r103287-0ubuntu1)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (14.0.835.202~r103287-0ubuntu1)
Ubuntu 12.10 (Quantal Quetzal):not-affected (14.0.835.202~r103287-0ubuntu1)
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):released (10.0+build1-0ubuntu0.10.04.2)
Ubuntu 11.04 (Natty Narwhal):released (8.0+build1-0ubuntu0.11.04.1)
Ubuntu 11.10 (Oneiric Ocelot):released (8.0+build1-0ubuntu0.11.10.1)
Ubuntu 12.04 LTS (Precise Pangolin):released (8.0~b4+build1-0ubuntu2)
Ubuntu 12.10 (Quantal Quetzal):released (8.0~b4+build1-0ubuntu2)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:22:14 UTC (commit 5347)