CVE-2011-2692

Public Exploit

Description

The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.

References

Link	Tags
http://secunia.com/advisories/49660	third party advisory broken link
http://www.redhat.com/support/errata/RHSA-2011-1103.html	vendor advisory broken link
http://www.securityfocus.com/bid/48618	third party advisory vdb entry
http://secunia.com/advisories/45046	third party advisory broken link
http://www.ubuntu.com/usn/USN-1175-1	third party advisory vendor advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2011:151	vendor advisory broken link
https://bugzilla.redhat.com/show_bug.cgi?id=720612	patch third party advisory issue tracking
http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement	third party advisory issue tracking exploit
http://security.gentoo.org/glsa/glsa-201206-15.xml	third party advisory vendor advisory
http://secunia.com/advisories/45461	third party advisory broken link
http://www.libpng.org/pub/png/libpng.html	product vendor advisory
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html	vendor advisory mailing list third party advisory
http://www.debian.org/security/2011/dsa-2287	third party advisory vendor advisory
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html	vendor advisory mailing list third party advisory
http://secunia.com/advisories/45405	third party advisory broken link
http://secunia.com/advisories/45445	third party advisory broken link
http://www.redhat.com/support/errata/RHSA-2011-1105.html	vendor advisory broken link
http://secunia.com/advisories/45460	third party advisory broken link
http://www.openwall.com/lists/oss-security/2011/07/13/2	third party advisory mailing list
https://exchange.xforce.ibmcloud.com/vulnerabilities/68536	third party advisory vdb entry
http://support.apple.com/kb/HT5002	third party advisory
http://secunia.com/advisories/45492	third party advisory broken link
http://support.apple.com/kb/HT5281	third party advisory
http://www.redhat.com/support/errata/RHSA-2011-1104.html	vendor advisory broken link
http://www.kb.cert.org/vuls/id/819894	third party advisory us government resource
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html	vendor advisory mailing list third party advisory
http://secunia.com/advisories/45415	third party advisory broken link

Frequently Asked Questions

What is the severity of CVE-2011-2692?: CVE-2011-2692 has been scored as a high severity vulnerability.
How to fix CVE-2011-2692?: To fix CVE-2011-2692, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2011-2692 being actively exploited in the wild?: It is possible that CVE-2011-2692 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~4% probability that this vulnerability will be exploited by malicious actors in the next 30 days.

Description

Category

CWE-119 – Improper Restriction of Operations within the Bounds of a Memory Buffer

References

Frequently Asked Questions