CVE-2011-3045

Priority
Medium
Description
Integer signedness error in the png_inflate function in pngrutil.c in
libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and
other products, allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted PNG
file, a different vulnerability than CVE-2011-3026.
References
Notes
jdstrand> firefox and thunderbird 16 are not affected
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):released (1.2.15~beta5-3ubuntu0.6)
Ubuntu 10.04 LTS (Lucid Lynx):released (1.2.42-1ubuntu2.4)
Ubuntu 11.04 (Natty Narwhal):released (1.2.44-1ubuntu3.3)
Ubuntu 11.10 (Oneiric Ocelot):released (1.2.46-3ubuntu1.2)
Ubuntu 12.04 LTS (Precise Pangolin):released (1.2.46-3ubuntu3)
Ubuntu 12.10 (Quantal Quetzal):released (1.2.46-3ubuntu3)
Patches:
Upstream:http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b
Upstream:http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=13f12476543c4ada693b4cb474039d5cf3389ed1 (related)
Vendor:https://rhn.redhat.com/errata/RHSA-2012-0407.html
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.04 (Natty Narwhal):not-affected
Ubuntu 11.10 (Oneiric Ocelot):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 12.10 (Quantal Quetzal):not-affected
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (uses system libpng)
Ubuntu 11.04 (Natty Narwhal):not-affected (uses system libpng)
Ubuntu 11.10 (Oneiric Ocelot):not-affected (uses system libpng)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (uses system libpng)
Ubuntu 12.10 (Quantal Quetzal):not-affected (uses system libpng)
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Ubuntu 11.04 (Natty Narwhal):not-affected
Ubuntu 11.10 (Oneiric Ocelot):not-affected
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Ubuntu 12.10 (Quantal Quetzal):not-affected
More Information


Updated: 2012-10-11 16:14:35 UTC (commit 5907)