CVE-2011-2690

high
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.

References

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html

http://secunia.com/advisories/45046

http://secunia.com/advisories/45405

http://secunia.com/advisories/45415

http://secunia.com/advisories/45460

http://secunia.com/advisories/45461

http://secunia.com/advisories/45492

http://secunia.com/advisories/49660

http://security.gentoo.org/glsa/glsa-201206-15.xml

http://support.apple.com/kb/HT5002

http://www.debian.org/security/2011/dsa-2287

http://www.libpng.org/pub/png/libpng.html

http://www.mandriva.com/security/advisories?name=MDVSA-2011:151

http://www.openwall.com/lists/oss-security/2011/07/13/2

http://www.redhat.com/support/errata/RHSA-2011-1104.html

http://www.redhat.com/support/errata/RHSA-2011-1105.html

http://www.securityfocus.com/bid/48660

http://www.ubuntu.com/usn/USN-1175-1

https://bugzilla.redhat.com/show_bug.cgi?id=720607

https://exchange.xforce.ibmcloud.com/vulnerabilities/68538

Details

Source: MITRE

Published: 2011-07-17

Updated: 2020-08-06

Type: CWE-120

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 8.8

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.8

Severity: HIGH

Tenable Plugins

View all (29 total)

IDNameProductFamilySeverity
124924EulerOS Virtualization 3.0.1.0 : libpng (EulerOS-SA-2019-1421)NessusHuawei Local Security Checks
high
75913openSUSE Security Update : libpng14 (libpng14-4949)NessusSuSE Local Security Checks
high
75911openSUSE Security Update : libpng12 (libpng12-4947)NessusSuSE Local Security Checks
high
75604openSUSE Security Update : libpng14 (libpng14-4949)NessusSuSE Local Security Checks
high
75603openSUSE Security Update : libpng12 (libpng12-4947)NessusSuSE Local Security Checks
high
68318Oracle Linux 6 : libpng (ELSA-2011-1105)NessusOracle Linux Local Security Checks
medium
68317Oracle Linux 5 : libpng (ELSA-2011-1104)NessusOracle Linux Local Security Checks
medium
61101Scientific Linux Security Update : libpng on SL6.x i386/x86_64NessusScientific Linux Local Security Checks
medium
61100Scientific Linux Security Update : libpng on SL5.x i386/x86_64NessusScientific Linux Local Security Checks
medium
59668GLSA-201206-15 : libpng: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
57218SuSE 10 Security Update : libpng (ZYPP Patch Number 7670)NessusSuSE Local Security Checks
high
56529Mandriva Linux Security Advisory : libpng (MDVSA-2011:151)NessusMandriva Local Security Checks
medium
6039Mac OS X 10.7 < 10.7.2 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
56481Mac OS X Multiple Vulnerabilities (Security Update 2011-006)NessusMacOS X Local Security Checks
critical
56480Mac OS X 10.7.x < 10.7.2 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
56268CentOS 5 : libpng (CESA-2011:1104)NessusCentOS Local Security Checks
medium
55989Fedora 14 : mingw32-libpng-1.4.8-1.fc14 (2011-10954)NessusFedora Local Security Checks
medium
55987Fedora 15 : mingw32-libpng-1.4.8-1.fc15 (2011-10928)NessusFedora Local Security Checks
medium
55897SuSE 10 Security Update : libpng (ZYPP Patch Number 7669)NessusSuSE Local Security Checks
high
55896SuSE 11.1 Security Update : libpng (SAT Patch Number 4948)NessusSuSE Local Security Checks
high
55895SuSE9 Security Update : libpng (YOU Patch Number 12815)NessusSuSE Local Security Checks
high
55738Fedora 14 : libpng-1.2.46-1.fc14 (2011-9336)NessusFedora Local Security Checks
medium
55727RHEL 6 : libpng (RHSA-2011:1105)NessusRed Hat Local Security Checks
medium
55726RHEL 5 : libpng (RHSA-2011:1104)NessusRed Hat Local Security Checks
medium
55721Debian DSA-2287-1 : libpng - several vulnerabilitiesNessusDebian Local Security Checks
medium
55699Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 : libpng vulnerabilities (USN-1175-1)NessusUbuntu Local Security Checks
medium
55655Fedora 14 : libpng10-1.0.55-1.fc14 (2011-8867)NessusFedora Local Security Checks
medium
55654Fedora 15 : libpng10-1.0.55-1.fc15 (2011-8844)NessusFedora Local Security Checks
medium
55612Fedora 15 : libpng-1.2.46-1.fc15 (2011-9343)NessusFedora Local Security Checks
medium