CVE-2011-3048

Priority
Description
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59,
1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows
remote attackers to cause a denial of service (crash) or execute arbitrary
code via a crafted text chunk in a PNG image file, which triggers a memory
allocation failure that is not properly handled, leading to a heap-based
buffer overflow.
Notes
mdeslaurRH bug says firefox isn't affected.
Package
Upstream:needs-triage
Package
Upstream:not-affected
Package
Upstream:not-affected
More Information

Updated: 2019-12-05 20:57:39 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)