CVE-2011-3026

Priority
Medium
Description
Integer overflow in libpng, as used in Google Chrome before 17.0.963.56,
allows remote attackers to cause a denial of service or possibly have
unspecified other impact via unknown vectors that trigger an integer
truncation.
References
Bugs
Notes
jdstrand> http://www.ubuntu.com/usn/usn-1400-3/ had the fix for thunderbird
but it wasn't included
Assigned-to
jdstrand
Package
Upstream: released (1.2.46-5)
Ubuntu 8.04 LTS (Hardy Heron): released (1.2.15~beta5-3ubuntu0.5)
Ubuntu 10.04 LTS (Lucid Lynx): released (1.2.42-1ubuntu2.3)
Ubuntu 11.04 (Natty Narwhal): released (1.2.44-1ubuntu3.2)
Ubuntu 11.10 (Oneiric Ocelot): released (1.2.46-3ubuntu1.1)
Ubuntu 12.04 LTS (Precise Pangolin): released (1.2.46-3ubuntu2)
Patches:
Patch: http://src.chromium.org/viewvc/chrome/branches/963/src/third_party/libpng/pngrutil.c?view=patch&r1=121492&r2=121491&pathrev=121492
Vendor: http://www.debian.org/security/2012/dsa-2410
Package
Upstream: released (3.1.19, 10.0.2)
Ubuntu 8.04 LTS (Hardy Heron): ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx): released (3.1.19+build1+nobinonly-0ubuntu0.10.04.1)
Ubuntu 11.04 (Natty Narwhal): released (3.1.19+build1+nobinonly-0ubuntu0.11.04.1)
Ubuntu 11.10 (Oneiric Ocelot): released (11.0+build1-0ubuntu0.11.10.1)
Ubuntu 12.04 LTS (Precise Pangolin): released (11.0~b2+build2-0ubuntu3)
Package
Upstream: released (17.0.963.56)
Ubuntu 8.04 LTS (Hardy Heron): DNE
Ubuntu 10.04 LTS (Lucid Lynx): not-affected (uses system libpng)
Ubuntu 11.04 (Natty Narwhal): not-affected (uses system libpng)
Ubuntu 11.10 (Oneiric Ocelot): not-affected (uses system libpng)
Ubuntu 12.04 LTS (Precise Pangolin): not-affected (uses system libpng)
Package
Upstream: released (10.0.2)
Ubuntu 8.04 LTS (Hardy Heron): ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx): released (10.0.2+build1-0ubuntu0.10.04.1)
Ubuntu 11.04 (Natty Narwhal): released (10.0.2+build1-0ubuntu0.11.04.1)
Ubuntu 11.10 (Oneiric Ocelot): released (10.0.2+build1-0ubuntu0.11.10.1)
Ubuntu 12.04 LTS (Precise Pangolin): released (11.0~b3+build2-0ubuntu1)
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx): released (1.9.2.27+build1+nobinonly-0ubuntu0.10.04.1)
Ubuntu 11.04 (Natty Narwhal): released (1.9.2.27+build1+nobinonly-0ubuntu0.11.04.1)
Ubuntu 11.10 (Oneiric Ocelot): DNE
Ubuntu 12.04 LTS (Precise Pangolin): DNE
More Information

Updated: 2012-06-01 15:22:20 UTC (commit 5347)