Back to search
CVE-2011-2501
Published: Jul 17, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
49660
third-party-advisory
x_refsource_SECUNIA
45046
third-party-advisory
x_refsource_SECUNIA
USN-1175-1
vendor-advisory
x_refsource_UBUNTU
MDVSA-2011:151
vendor-advisory
x_refsource_MANDRIVA
48474
vdb-entry
x_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=717084
x_refsource_CONFIRM
SSA:2011-210-01
vendor-advisory
x_refsource_SLACKWARE
GLSA-201206-15
vendor-advisory
x_refsource_GENTOO
[oss-security] 20110627 CVE request for libpng regression (CVE-2004-0421)
mailing-list
x_refsource_MLIST
FEDORA-2011-8868
vendor-advisory
x_refsource_FEDORA
libpng-pngerror-dos(68517)
vdb-entry
x_refsource_XF
45289
third-party-advisory
x_refsource_SECUNIA
FEDORA-2011-9336
vendor-advisory
x_refsource_FEDORA
DSA-2287
vendor-advisory
x_refsource_DEBIAN
45405
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:1105
vendor-advisory
x_refsource_REDHAT
[oss-security] 20110628 Re: CVE request for libpng regression (CVE-2004-0421)
mailing-list
x_refsource_MLIST
45460
third-party-advisory
x_refsource_SECUNIA
45486
third-party-advisory
x_refsource_SECUNIA
45492
third-party-advisory
x_refsource_SECUNIA
45415
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now