CVE-2011-3026

medium

Description

Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.

References

http://code.google.com/p/chromium/issues/detail?id=112822

http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html

http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html

http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00020.html

http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00023.html

http://secunia.com/advisories/48016

http://secunia.com/advisories/48110

http://secunia.com/advisories/49660

http://security.gentoo.org/glsa/glsa-201206-15.xml

http://support.apple.com/kb/HT5501

http://support.apple.com/kb/HT5503

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15032

Details

Source: MITRE

Published: 2012-02-16

Updated: 2020-04-16

Type: CWE-190

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Tenable Plugins

ID | Name | Product | Family | Severity
124924 | EulerOS Virtualization 3.0.1.0 : libpng (EulerOS-SA-2019-1421) | Nessus | Huawei Local Security Checks | high
80674 | Oracle Solaris Third-Party Patch Update : libpng (multiple_vulnerabilities_in_libpng2) | Nessus | Solaris Local Security Checks | high
76028 | openSUSE Security Update : seamonkey (seamonkey-5834) | Nessus | SuSE Local Security Checks | high
75970 | openSUSE Security Update : MozillaThunderbird (MozillaThunderbird-5826) | Nessus | SuSE Local Security Checks | high
75962 | openSUSE Security Update : mozilla-js192 (mozilla-js192-5832) | Nessus | SuSE Local Security Checks | high
75953 | openSUSE Security Update : MozillaFirefox (MozillaFirefox-5825) | Nessus | SuSE Local Security Checks | high
75914 | openSUSE Security Update : libpng14 (libpng14-5847) | Nessus | SuSE Local Security Checks | high
75912 | openSUSE Security Update : libpng12 (libpng12-5846) | Nessus | SuSE Local Security Checks | high
74563 | openSUSE Security Update : chromium / v8 (openSUSE-2012-142) | Nessus | SuSE Local Security Checks | high
74559 | openSUSE Security Update : libpng12 / libpng14 (openSUSE-2012-137) | Nessus | SuSE Local Security Checks | medium
74549 | openSUSE Security Update : MozillaFirefox / MozillaThunderbird / mozilla-xulrunner192 / etc (openSUSE-2012-120) | Nessus | SuSE Local Security Checks | medium
69656 | Amazon Linux AMI : libpng (ALAS-2012-49) | Nessus | Amazon Linux Local Security Checks | medium
68485 | Oracle Linux 4 / 5 / 6 : libpng (ELSA-2012-0317) | Nessus | Oracle Linux Local Security Checks | medium
68465 | Oracle Linux 5 / 6 : xulrunner (ELSA-2012-0143) | Nessus | Oracle Linux Local Security Checks | medium
68464 | Oracle Linux 4 : firefox (ELSA-2012-0142) | Nessus | Oracle Linux Local Security Checks | medium
68463 | Oracle Linux 4 : seamonkey (ELSA-2012-0141) | Nessus | Oracle Linux Local Security Checks | medium
68462 | Oracle Linux 6 : thunderbird (ELSA-2012-0140) | Nessus | Oracle Linux Local Security Checks | medium
64379 | IBM Informix Genero < 2.41 png_decompress_chunk Integer Overflow | Nessus | Windows | high
63402 | GLSA-201301-01 : Mozilla Products: Multiple vulnerabilities (BEAST) | Nessus | Gentoo Local Security Checks | critical
62357 | Apple TV < 5.1 Multiple Vulnerabilities | Nessus | Gain a shell remotely | high
6589 | Apple iOS < 6.0 Multiple Vulnerabilities | Nessus Network Monitor | Mobile Devices | high
62242 | Apple iOS < 6.0 Multiple Vulnerabilities | Nessus | Mobile Devices | critical
6583 | Mac OS X 10.7 < 10.7.5 Multiple Vulnerabilities | Nessus Network Monitor | Generic | critical
62214 | Mac OS X 10.7.x < 10.7.5 Multiple Vulnerabilities (BEAST) | Nessus | MacOS X Local Security Checks | critical
62213 | Mac OS X Multiple Vulnerabilities (Security Update 2012-004) (BEAST) | Nessus | MacOS X Local Security Checks | critical
61254 | Scientific Linux Security Update : libpng on SL4.x, SL5.x, SL6.x i386/x86_64 (20120220) | Nessus | Scientific Linux Local Security Checks | high
61253 | Scientific Linux Security Update : xulrunner on SL5.x, SL6.x i386/x86_64 (20120216) | Nessus | Scientific Linux Local Security Checks | high
61251 | Scientific Linux Security Update : firefox on SL4.x i386/x86_64 (20120216) | Nessus | Scientific Linux Local Security Checks | high
59668 | GLSA-201206-15 : libpng: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high
58706 | Fedora 17 : thunderbird-11.0.1-1.fc17 (2012-4910) | Nessus | Fedora Local Security Checks | high
58634 | Fedora 15 : thunderbird-11.0.1-1.fc15 (2012-5068) | Nessus | Fedora Local Security Checks | high
58555 | Fedora 16 : thunderbird-11.0.1-1.fc16 (2012-5028) | Nessus | Fedora Local Security Checks | high
58253 | Fedora 15 : xulrunner-10.0.1-3.fc15 (2012-1845) | Nessus | Fedora Local Security Checks | high
58189 | Fedora 17 : xulrunner-10.0.1-3.fc17 (2012-1800) | Nessus | Fedora Local Security Checks | high
58167 | SuSE 10 Security Update : libpng (ZYPP Patch Number 7980) | Nessus | SuSE Local Security Checks | high
58165 | SuSE 11.1 Security Update : libpng (SAT Patch Number 5857) | Nessus | SuSE Local Security Checks | high
58156 | Fedora 16 : libpng10-1.0.57-1.fc16 (2012-2028) | Nessus | Fedora Local Security Checks | high
58155 | Fedora 15 : libpng10-1.0.57-1.fc15 (2012-2008) | Nessus | Fedora Local Security Checks | high
58154 | Fedora 17 : libpng10-1.0.57-1.fc17 (2012-2003) | Nessus | Fedora Local Security Checks | high
58152 | Fedora 15 : libpng-1.2.46-2.fc15 (2012-1930) | Nessus | Fedora Local Security Checks | high
58150 | Fedora 17 : libpng-1.5.8-2.fc17 (2012-1892) | Nessus | Fedora Local Security Checks | high
58149 | Fedora 17 : thunderbird-10.0.1-2.fc17 (2012-1794) | Nessus | Fedora Local Security Checks | high
58116 | SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 7981) | Nessus | SuSE Local Security Checks | high
58114 | SuSE 11.1 Security Update : Mozilla XULrunner (SAT Patch Number 5840) | Nessus | SuSE Local Security Checks | high
58112 | SuSE 11.1 Security Update : Mozilla Firefox (SAT Patch Number 5838) | Nessus | SuSE Local Security Checks | high
58098 | Fedora 16 : thunderbird-10.0.1-2.fc16 (2012-1844) | Nessus | Fedora Local Security Checks | high
58082 | Mandriva Linux Security Advisory : mozilla (MDVSA-2012:022-1) | Nessus | Mandriva Local Security Checks | high
58075 | Thunderbird 10.x < 10.0.2 png_decompress_chunk Integer Overflow (Mac OS X) | Nessus | MacOS X Local Security Checks | high
58074 | Firefox < 10.0.2 png_decompress_chunk Integer Overflow (Mac OS X) | Nessus | MacOS X Local Security Checks | high
58073 | Thunderbird 3.1.x < 3.1.19 png_decompress_chunk Integer Overflow (Mac OS X) | Nessus | MacOS X Local Security Checks | high
58072 | Firefox 3.6.x < 3.6.27 png_decompress_chunk Integer Overflow (Mac OS X) | Nessus | MacOS X Local Security Checks | high
58068 | RHEL 4 / 5 / 6 : libpng (RHSA-2012:0317) | Nessus | Red Hat Local Security Checks | medium
58051 | Fedora 16 : libpng-1.2.46-2.fc16 (2012-1922) | Nessus | Fedora Local Security Checks | high
58042 | CentOS 4 / 5 / 6 : libpng / libpng10 (CESA-2012:0317) | Nessus | CentOS Local Security Checks | medium
58041 | CentOS 6 : thunderbird (CESA-2012:0140) | Nessus | CentOS Local Security Checks | medium
801381 | Mozilla Thunderbird 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow | Log Correlation Engine | Web Clients | high
801380 | Mozilla SeaMonkey 2.x < 2.7.2 'png_decompress_chunk' Integer Overflow | Log Correlation Engine | Web Clients | high
801253 | Mozilla Firefox 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow | Log Correlation Engine | Web Clients | high
6329 | SeaMonkey 2.x < 2.7.2 'png_decompress_chunk' Integer Overflow | Nessus Network Monitor | Web Clients | high
6327 | Mozilla Thunderbird 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow | Nessus Network Monitor | SMTP Clients | high
6325 | Mozilla Firefox 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow | Nessus Network Monitor | Web Clients | high
58037 | Ubuntu 11.10 : thunderbird vulnerabilities (USN-1369-1) | Nessus | Ubuntu Local Security Checks | critical
58036 | Ubuntu 10.04 LTS / 10.10 : xulrunner-1.9.2 vulnerability (USN-1367-4) | Nessus | Ubuntu Local Security Checks | high
58035 | Ubuntu 10.04 LTS / 10.10 / 11.04 : thunderbird vulnerability (USN-1367-3) | Nessus | Ubuntu Local Security Checks | high
58034 | Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : firefox vulnerability (USN-1367-2) | Nessus | Ubuntu Local Security Checks | high
58022 | FreeBSD : mozilla -- heap-buffer overflow (d7dbd2db-599c-11e1-a2fb-14dae9ebcf89) | Nessus | FreeBSD Local Security Checks | medium
58020 | Fedora 16 : xulrunner-10.0.1-3.fc16 (2012-1856) | Nessus | Fedora Local Security Checks | high
800966 | Google Chrome < 17.0.963.56 Multiple Vulnerabilities | Log Correlation Engine | Web Clients | high
6322 | Google Chrome < 17.0.963.56 Multiple Vulnerabilities | Nessus Network Monitor | Web Clients | high
58009 | SeaMonkey < 2.7.2 'png_decompress_chunk' Integer Overflow | Nessus | Windows | high
58008 | Mozilla Thunderbird 3.1.x < 3.1.19 'png_decompress_chunk' Integer Overflow | Nessus | Windows | high
58007 | Mozilla Thunderbird 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow | Nessus | Windows | high
58006 | Firefox 3.6.x < 3.6.27 'png_decompress_chunk' Integer Overflow | Nessus | Windows | high
58005 | Firefox 10.x < 10.0.2 'png_decompress_chunk' Integer Overflow | Nessus | Windows | high
57998 | Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : libpng vulnerabilities (USN-1367-1) | Nessus | Ubuntu Local Security Checks | high
57995 | RHEL 5 / 6 : xulrunner (RHSA-2012:0143) | Nessus | Red Hat Local Security Checks | medium
57994 | RHEL 4 : firefox (RHSA-2012:0142) | Nessus | Red Hat Local Security Checks | medium
57993 | RHEL 4 : seamonkey (RHSA-2012:0141) | Nessus | Red Hat Local Security Checks | medium
57992 | RHEL 6 : thunderbird (RHSA-2012:0140) | Nessus | Red Hat Local Security Checks | medium
57985 | CentOS 5 / 6 : xulrunner (CESA-2012:0143) | Nessus | CentOS Local Security Checks | medium
57984 | CentOS 4 : firefox (CESA-2012:0142) | Nessus | CentOS Local Security Checks | medium
57983 | CentOS 4 : seamonkey (CESA-2012:0141) | Nessus | CentOS Local Security Checks | medium
57974 | Google Chrome < 17.0.963.56 Multiple Vulnerabilities | Nessus | Windows | high
57968 | FreeBSD : chromium -- multiple vulnerabilities (2f5ff968-5829-11e1-8288-00262d5ed8ee) | Nessus | FreeBSD Local Security Checks | high
57964 | Debian DSA-2410-1 : libpng - integer overflow | Nessus | Debian Local Security Checks | high