CVE-2011-2690 (retired)

Priority
Description
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x
before 1.4.8, and 1.5.x before 1.5.4, when used by an application that
calls the png_rgb_to_gray function but not the png_set_expand function,
allows remote attackers to overwrite memory with an arbitrary amount of
data, and possibly have unspecified other impact, via a crafted PNG image.
Notes
 jdstrand> firefox 3.6.23 has 1.2.35 and 7.0.1 has 1.4.7
 micahg> per https://bugzilla.mozilla.org/show_bug.cgi?id=669863#c2 Firefox 7+
  isn't vulnerable
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Package
Upstream:not-affected (7.0.1)
More Information

Updated: 2019-03-26 11:57:19 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)