QwikSec

Security Database

CVE

CWE

Training

CVE-2012-3425

Published: Aug 13, 2012

Modified: Aug 6, 2024

PUBLISHED

Description

The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

[oss-security] 20120724 CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images

mailing-list

x_refsource_MLIST

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=73e2ffd6a1471f2144d0ce7165d7323cb109f10f%3Bhb=refs/heads/libpng15

x_refsource_MISC

[oss-security] 20120724 Re: CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images

mailing-list

x_refsource_MLIST

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082

x_refsource_MISC

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=2da5a7a8b690e257f94353b5b49d493cdc385322%3Bhb=refs/heads/libpng14

x_refsource_MISC

openSUSE-SU-2012:0934

vendor-advisory

x_refsource_SUSE

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=284de253b1561b976291ba7405acd71ae71ff597%3Bhb=refs/heads/libpng10

x_refsource_MISC

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bhb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8

x_refsource_MISC

vendor-advisory

x_refsource_UBUNTU

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.