Candidate: CVE-2011-2691
PublicDate: 2011-07-17 20:55:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2691
Description:
 The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x
 before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function
 call using a NULL pointer argument instead of an empty-string argument,
 which allows remote attackers to cause a denial of service (application
 crash) via a crafted PNG image.
Ubuntu-Description:
Notes:
 mdeslaur> On Ubuntu, the affected code isn't compiled in libpng.
 jdstrand> firefox 3.6.23 has 1.2.35 and 7.0.1 has 1.4.7
 micahg> firefox 8 will have 1.4.8
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=633871
 https://bugzilla.mozilla.org/show_bug.cgi?id=669863
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H [6.5 MEDIUM]

Patches_libpng:
 upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=9dad5e37aef295b4ef8dea39392b652deebc9261
upstream_libpng: released (1.2.45)
hardy_libpng: not-affected (code not present)
lucid_libpng: not-affected (code not compiled)
maverick_libpng: not-affected (code not compiled)
natty_libpng: not-affected (code not compiled)
oneiric_libpng: not-affected (code not compiled)
precise_libpng: not-affected (code not compiled)
devel_libpng: not-affected (code not compiled)

Patches_firefox:
upstream_firefox: needs-triage
hardy_firefox: ignored (reached end-of-life)
lucid_firefox: released (10.0+build1-0ubuntu0.10.04.2)
maverick_firefox: ignored (reached end-of-life)
natty_firefox: released (8.0+build1-0ubuntu0.11.04.1)
oneiric_firefox: released (8.0+build1-0ubuntu0.11.10.1)
precise_firefox: released (8.0~b4+build1-0ubuntu2)
devel_firefox: released (8.0~b4+build1-0ubuntu2)

Patches_chromium-browser:
upstream_chromium-browser: needs-triage
hardy_chromium-browser: DNE
lucid_chromium-browser: released (14.0.835.202~r103287-0ubuntu0.10.04.2)
maverick_chromium-browser: released (14.0.835.202~r103287-0ubuntu0.10.10.1)
natty_chromium-browser: released (14.0.835.202~r103287-0ubuntu0.11.04.1)
oneiric_chromium-browser: released (14.0.835.202~r103287-0ubuntu1)
precise_chromium-browser: not-affected (14.0.835.202~r103287-0ubuntu1)
devel_chromium-browser: not-affected (14.0.835.202~r103287-0ubuntu1)