[Forgot Password]
Login  Register Subscribe

23631

 
 

115038

 
 

96078

 
 

909

 
 

78009

 
 

109

Paid content will be excluded from the download.


Download | Alert*
CVE
view XML

CVE-2011-3045

Date: (C)2012-03-22   (M)2017-09-22
 
CVSS Score: 6.8Access Vector: NETWORK
Exploitability Subscore: 8.6Access Complexity: MEDIUM
Impact Subscore: 6.4Authentication: NONE
 Confidentiality: PARTIAL
 Integrity: PARTIAL
 Availability: PARTIAL











Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

Reference:
SECTRACK-1026823
SECUNIA-48320
SECUNIA-48485
SECUNIA-48512
SECUNIA-48554
SECUNIA-49660
FEDORA-2012-3705
FEDORA-2012-3739
GLSA-201206-15
RHSA-2012:0488
http://code.google.com/p/chromium/issues/detail?id=116162
http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b
http://src.chromium.org/viewvc/chrome?view=rev&revision=125311
https://bugzilla.redhat.com/show_bug.cgi?id=799000
openSUSE-SU-2012:0432

CPE    2040
cpe:/a:google:chrome:17.0.925.0
cpe:/a:google:chrome:16.0.912.19
cpe:/a:google:chrome:16.0.912.15
cpe:/a:google:chrome:16.0.912.13
...
CWE    1
CWE-189
OVAL    22
oval:org.secpod.oval:def:103687
oval:org.secpod.oval:def:103686
oval:org.secpod.oval:def:103641
oval:org.secpod.oval:def:103546
...

© 2013 SecPod Technologies