CVE-2011-2501 (retired)

Priority
Description
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55,
1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows
remote attackers to cause a denial of service (application crash) via a
crafted PNG image that triggers an out-of-bounds read during the copying of
error-message data. NOTE: this vulnerability exists because of a
CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some
sources.
Notes
 mdeslaur> re-introduced in 1.2.23
 jdstrand> firefox 3.6.23 has 1.2.35 and 7.0.1 has 1.4.7
 micahg> firefox 8 will have 1.4.8
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (14.0.835.202~r103287-0ubuntu1)
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):released (8.0~b4+build1-0ubuntu2)
Package
Upstream:released (1.2.44-3)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (1.2.46-3ubuntu1)
Patches:
Upstream:http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=65e6d5a34f49acdb362a0625a706c6b914e670af
More Information

Updated: 2019-03-26 11:57:10 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)