CVE-2011-2501

Severity

43%

Complexity

86%

Confidentiality

48%

The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.

The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.

CVSS 2.0 Base Score 4.3. CVSS Attack Vector: network. CVSS Attack Complexity: medium. CVSS Vector: (AV:N/AC:M/Au:N/C:N/I:N/A:P).

Overview

Type

libpng

First reported 13 years ago

2011-07-17 20:55:00

Last updated 7 years ago

2017-08-29 01:29:00

Affected Software

libpng 1.0.0

1.0.0

libpng 1.0.1

1.0.1

libpng 1.0.2

1.0.2

libpng 1.0.3

1.0.3

libpng 1.0.5

1.0.5

libpng 1.0.6

1.0.6

libpng 1.0.7

1.0.7

libpng 1.0.8

1.0.8

libpng 1.0.9

1.0.9

libpng 1.0.10

1.0.10

libpng 1.0.11

1.0.11

libpng 1.0.12

1.0.12

libpng 1.0.13

1.0.13

libpng 1.0.14

1.0.14

libpng 1.0.15

1.0.15

libpng 1.0.16

1.0.16

libpng 1.0.17

1.0.17

libpng 1.0.18

1.0.18

libpng 1.0.19

1.0.19

libpng 1.0.20

1.0.20

libpng 1.0.21

1.0.21

libpng 1.0.22

1.0.22

libpng 1.0.23

1.0.23

libpng 1.0.24

1.0.24

libpng 1.0.25

1.0.25

libpng 1.0.26

1.0.26

libpng 1.0.27

1.0.27

libpng 1.0.28

1.0.28

libpng 1.0.29

1.0.29

libpng 1.0.30

1.0.30

libpng 1.0.31

1.0.31

libpng 1.0.32

1.0.32

libpng 1.0.33

1.0.33

libpng 1.0.34

1.0.34

libpng 1.0.35

1.0.35

libpng 1.0.37

1.0.37

libpng 1.0.38

1.0.38

libpng 1.0.39

1.0.39

libpng 1.0.40

1.0.40

libpng 1.0.41

1.0.41

libpng 1.0.42

1.0.42

libpng 1.0.43

1.0.43

libpng 1.0.44

1.0.44

libpng 1.0.45

1.0.45

libpng 1.0.46

1.0.46

libpng 1.0.47

1.0.47

libpng 1.0.48

1.0.48

libpng 1.0.50

1.0.50

libpng 1.0.51

1.0.51

libpng 1.0.52

1.0.52

libpng 1.0.53

1.0.53

libpng 1.0.54

1.0.54

libpng 1.2.0

1.2.0

libpng 1.2.1

1.2.1

libpng 1.2.2

1.2.2

libpng 1.2.3

1.2.3

libpng 1.2.4

1.2.4

libpng 1.2.5

1.2.5

libpng 1.2.6

1.2.6

libpng 1.2.7

1.2.7

libpng 1.2.8

1.2.8

libpng 1.2.9

1.2.9

libpng 1.2.10

1.2.10

libpng 1.2.11

1.2.11

libpng 1.2.13

1.2.13

libpng 1.2.14

1.2.14

libpng 1.2.15

1.2.15

libpng 1.2.16

1.2.16

libpng 1.2.17

1.2.17

libpng 1.2.18

1.2.18

libpng 1.2.19

1.2.19

libpng 1.2.20

1.2.20

libpng 1.2.21

1.2.21

libpng 1.2.22

1.2.22

libpng 1.2.23

1.2.23

libpng 1.2.24

1.2.24

libpng 1.2.25

1.2.25

libpng 1.2.26

1.2.26

libpng 1.2.27

1.2.27

libpng 1.2.28

1.2.28

libpng 1.2.29

1.2.29

libpng 1.2.30

1.2.30

libpng 1.2.31

1.2.31

libpng 1.2.32

1.2.32

libpng 1.2.33

1.2.33

libpng 1.2.34

1.2.34

libpng 1.2.35

1.2.35

libpng 1.2.36

1.2.36

libpng 1.2.37

1.2.37

libpng 1.2.38

1.2.38

libpng 1.2.39

1.2.39

libpng 1.2.40

1.2.40

libpng 1.2.41

1.2.41

libpng 1.2.42

1.2.42

libpng 1.2.43

1.2.43

libpng 1.2.44

1.2.44

libpng 1.4.1

1.4.1

libpng 1.4.1 Beta 01

1.4.1

libpng 1.4.1 Beta 02

1.4.1

libpng 1.4.1 Beta 03

1.4.1

libpng 1.4.1 Beta 04

1.4.1

libpng 1.4.1 Beta 05

1.4.1

libpng 1.4.1 Beta 06

1.4.1

libpng 1.4.1 Beta 07

1.4.1

libpng 1.4.1 Beta 08

1.4.1

libpng 1.4.1 Beta 09

1.4.1

libpng 1.4.1 Beta 10

1.4.1

libpng 1.4.1 Beta 11

1.4.1

libpng 1.4.1 Beta 12

1.4.1

libpng 1.4.1 Release Candidate 01

1.4.1

libpng 1.4.1 Release Candidate 02

1.4.1

libpng 1.4.1 Release Candidate 04

1.4.1

libpng 1.4.2

1.4.2

libpng 1.4.2 Release Candidate 01

1.4.2

libpng 1.4.2 Release Candidate 02

1.4.2

libpng 1.4.2 Release Candidate 03

1.4.2

libpng 1.4.2 Release Candidate 04

1.4.2

libpng 1.4.2 Release Candidate 05

1.4.2

libpng 1.4.2 Release Candidate 06

1.4.2

libpng 1.4.3

1.4.3

libpng 1.4.4

1.4.4

libpng 1.4.5

1.4.5

libpng 1.4.6

1.4.6

libpng 1.4.7

1.4.7

libpng 1.5.0 Beta01

1.5.0

libpng 1.5.0 Beta02

1.5.0

libpng 1.5.0 Beta03

1.5.0

libpng 1.5.0 Beta04

1.5.0

libpng 1.5.0 Beta05

1.5.0

libpng 1.5.0 Beta06

1.5.0

libpng 1.5.0 Beta07

1.5.0

libpng 1.5.0 Beta08

1.5.0

libpng 1.5.0 Beta09

1.5.0

libpng 1.5.0 Beta10

1.5.0

libpng 1.5.0 Beta11

1.5.0

libpng 1.5.0 Beta12

1.5.0

libpng 1.5.0 Beta13

1.5.0

libpng 1.5.0 Beta14

1.5.0

libpng 1.5.0 Beta15

1.5.0

libpng 1.5.0 Beta16

1.5.0

libpng 1.5.0 Beta17

1.5.0

libpng 1.5.0 Beta18

1.5.0

libpng 1.5.0 Beta19

1.5.0

libpng 1.5.0 Beta20

1.5.0

libpng 1.5.0 Beta21

1.5.0

libpng 1.5.0 Beta22

1.5.0

libpng 1.5.0 Beta23

1.5.0

libpng 1.5.0 Beta24

1.5.0

libpng 1.5.0 Beta25

1.5.0

libpng 1.5.0 Beta26

1.5.0

libpng 1.5.0 Beta27

1.5.0

libpng 1.5.0 Beta28

1.5.0

libpng 1.5.0 Beta29

1.5.0

libpng 1.5.0 Beta30

1.5.0

libpng 1.5.0 Beta31

1.5.0

libpng 1.5.0 Beta32

1.5.0

libpng 1.5.1

1.5.1

libpng 1.5.2

1.5.2

References

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=65e6d5a34f49acdb362a0625a706c6b914e670af

Patch

FEDORA-2011-8868

FEDORA-2011-9336

45046

Vendor Advisory

45289

45405

45415

45460

45486

45492

49660

GLSA-201206-15

SSA:2011-210-01

http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com&forum_name=png-mng-implement

DSA-2287

MDVSA-2011:151

[oss-security] 20110627 CVE request for libpng regression (CVE-2004-0421)

Patch

[oss-security] 20110628 Re: CVE request for libpng regression (CVE-2004-0421)

Patch

RHSA-2011:1105

48474

USN-1175-1

https://bugzilla.redhat.com/show_bug.cgi?id=717084

Patch

libpng-pngerror-dos(68517)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.