Description

The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.

References

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339

http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html

http://lists.apple.com/archives/security-announce/2012/May/msg00001.html

http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html

http://secunia.com/advisories/45046

http://secunia.com/advisories/45405

http://secunia.com/advisories/45415

http://secunia.com/advisories/45445

http://secunia.com/advisories/45460

http://secunia.com/advisories/45461

http://secunia.com/advisories/45492

http://secunia.com/advisories/49660

http://security.gentoo.org/glsa/glsa-201206-15.xml

http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement

http://support.apple.com/kb/HT5002

http://support.apple.com/kb/HT5281

http://www.debian.org/security/2011/dsa-2287

http://www.kb.cert.org/vuls/id/819894

http://www.libpng.org/pub/png/libpng.html

http://www.mandriva.com/security/advisories?name=MDVSA-2011:151

http://www.openwall.com/lists/oss-security/2011/07/13/2

http://www.redhat.com/support/errata/RHSA-2011-1103.html

http://www.redhat.com/support/errata/RHSA-2011-1104.html

http://www.redhat.com/support/errata/RHSA-2011-1105.html

http://www.securityfocus.com/bid/48618

http://www.ubuntu.com/usn/USN-1175-1

https://bugzilla.redhat.com/show_bug.cgi?id=720612

https://exchange.xforce.ibmcloud.com/vulnerabilities/68536

Details

Risk Information

CVSS v2

CVSS v3