Back to search
CVE-2011-2690
Published: Jul 17, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
49660
third-party-advisory
x_refsource_SECUNIA
48660
vdb-entry
x_refsource_BID
45046
third-party-advisory
x_refsource_SECUNIA
USN-1175-1
vendor-advisory
x_refsource_UBUNTU
MDVSA-2011:151
vendor-advisory
x_refsource_MANDRIVA
GLSA-201206-15
vendor-advisory
x_refsource_GENTOO
45461
third-party-advisory
x_refsource_SECUNIA
http://www.libpng.org/pub/png/libpng.html
x_refsource_CONFIRM
FEDORA-2011-9336
vendor-advisory
x_refsource_FEDORA
DSA-2287
vendor-advisory
x_refsource_DEBIAN
APPLE-SA-2011-10-12-3
vendor-advisory
x_refsource_APPLE
https://bugzilla.redhat.com/show_bug.cgi?id=720607
x_refsource_CONFIRM
45405
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:1105
vendor-advisory
x_refsource_REDHAT
45460
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20110713 Security issues fixed in libpng 1.5.4
mailing-list
x_refsource_MLIST
http://support.apple.com/kb/HT5002
x_refsource_CONFIRM
libpng-pngrgbtogray-bo(68538)
vdb-entry
x_refsource_XF
45492
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:1104
vendor-advisory
x_refsource_REDHAT
45415
third-party-advisory
x_refsource_SECUNIA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now