cpe:/a:libpng:libpng:1.5.0 CVE-2011-0408 2011-01-18T13:03:08.423-05:00 2017-08-16T21:33:29.307-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2011-01-19T10:30:00.000-05:00 SECTRACK 1024955 SECUNIA 42863 OSVDB 70417 VUPEN ADV-2011-0080 CERT-VN VU#643140 CONFIRM http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org&forum_name=png-mng-implement XF libpng-pngsetrgbtogray-bo(64637) pngrtran.c in libpng 1.5.x before 1.5.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information.