PublicDateAtUSN: 2011-07-17
Candidate: CVE-2011-2690
PublicDate: 2011-07-17 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2690
 https://ubuntu.com/security/notices/USN-1175-1
Description:
 Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x
 before 1.4.8, and 1.5.x before 1.5.4, when used by an application that
 calls the png_rgb_to_gray function but not the png_set_expand function,
 allows remote attackers to overwrite memory with an arbitrary amount of
 data, and possibly have unspecified other impact, via a crafted PNG image.
Ubuntu-Description:
Notes:
 jdstrand> firefox 3.6.23 has 1.2.35 and 7.0.1 has 1.4.7
 micahg> per https://bugzilla.mozilla.org/show_bug.cgi?id=669863#c2 Firefox 7+ isn't vulnerable
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633871
 https://bugzilla.mozilla.org/show_bug.cgi?id=669863
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_libpng:
 upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=d572394c2a018ef22e9685ac189f5f05c08ea6f5
upstream_libpng: released (1.2.45)
hardy_libpng: released (1.2.15~beta5-3ubuntu0.4)
lucid_libpng: released (1.2.42-1ubuntu2.2)
maverick_libpng: released (1.2.44-1ubuntu0.1)
natty_libpng: released (1.2.44-1ubuntu3.1)
oneiric_libpng: not-affected (1.2.46-3ubuntu1)
devel_libpng: not-affected (1.2.46-3ubuntu1)

Patches_firefox:
upstream_firefox: not-affected (7.0.1)
hardy_firefox: ignored (reached end-of-life)
lucid_firefox: not-affected (3.6.23+build1+nobinonly-0ubuntu0.10.04.1)
maverick_firefox: not-affected (3.6.23+build1+nobinonly-0ubuntu0.10.10.1)
natty_firefox: not-affected (7.0.1+build1+nobinonly-0ubuntu0.11.04.1)
oneiric_firefox: not-affected (7.0.1+build1+nobinonly-0ubuntu2)
devel_firefox: not-affected (8.0~b4+build1-0ubuntu2)

Patches_chromium-browser:
upstream_chromium-browser: needs-triage
hardy_chromium-browser: DNE
lucid_chromium-browser: released (14.0.835.202~r103287-0ubuntu0.10.04.2)
maverick_chromium-browser: released (14.0.835.202~r103287-0ubuntu0.10.10.1)
natty_chromium-browser: released (14.0.835.202~r103287-0ubuntu0.11.04.1)
oneiric_chromium-browser: released (14.0.835.202~r103287-0ubuntu1)
devel_chromium-browser: not-affected (14.0.835.202~r103287-0ubuntu1)