Back to search
CVE-2011-2691
Published: Jul 17, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
49660
third-party-advisory
x_refsource_SECUNIA
48660
vdb-entry
x_refsource_BID
https://bugzilla.redhat.com/show_bug.cgi?id=720608
x_refsource_CONFIRM
45046
third-party-advisory
x_refsource_SECUNIA
libpng-pngdefaulterror-dos(68537)
vdb-entry
x_refsource_XF
MDVSA-2011:151
vendor-advisory
x_refsource_MANDRIVA
GLSA-201206-15
vendor-advisory
x_refsource_GENTOO
http://www.libpng.org/pub/png/libpng.html
x_refsource_CONFIRM
FEDORA-2011-9336
vendor-advisory
x_refsource_FEDORA
DSA-2287
vendor-advisory
x_refsource_DEBIAN
APPLE-SA-2011-10-12-3
vendor-advisory
x_refsource_APPLE
45405
third-party-advisory
x_refsource_SECUNIA
[oss-security] 20110713 Security issues fixed in libpng 1.5.4
mailing-list
x_refsource_MLIST
SSRT100852
vendor-advisory
x_refsource_HP
http://support.apple.com/kb/HT5002
x_refsource_CONFIRM
45492
third-party-advisory
x_refsource_SECUNIA
HPSBMU02776
vendor-advisory
x_refsource_HP
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now