The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html
http://secunia.com/advisories/45046
http://secunia.com/advisories/45405
http://secunia.com/advisories/45415
http://secunia.com/advisories/45445
http://secunia.com/advisories/45460
http://secunia.com/advisories/45461
http://secunia.com/advisories/45492
http://secunia.com/advisories/49660
http://security.gentoo.org/glsa/glsa-201206-15.xml
http://support.apple.com/kb/HT5002
http://support.apple.com/kb/HT5281
http://www.debian.org/security/2011/dsa-2287
http://www.kb.cert.org/vuls/id/819894
http://www.libpng.org/pub/png/libpng.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:151
http://www.openwall.com/lists/oss-security/2011/07/13/2
http://www.redhat.com/support/errata/RHSA-2011-1103.html
http://www.redhat.com/support/errata/RHSA-2011-1104.html
http://www.redhat.com/support/errata/RHSA-2011-1105.html
http://www.securityfocus.com/bid/48618
http://www.ubuntu.com/usn/USN-1175-1
Source: MITRE
Published: 2011-07-17
Updated: 2020-08-06
Type: CWE-119
CVSS v2 Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3.1 Base Score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH