CVE-2011-3045

Priority
Medium
Description
Integer signedness error in the png_inflate function in pngrutil.c in
libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and
other products, allows remote attackers to cause a denial of service
(application crash) or possibly execute arbitrary code via a crafted PNG
file, a different vulnerability than CVE-2011-3026.
References
Notes
 jdstrand> firefox and thunderbird 16 are not affected
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):released (1.2.46-3ubuntu3)
Patches:
Upstream:http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b
Upstream:http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=13f12476543c4ada693b4cb474039d5cf3389ed1 (related)
Vendor:https://rhn.redhat.com/errata/RHSA-2012-0407.html
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):not-affected (uses system libpng)
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:39:56 UTC (commit 9756)