Vulnerability Note VU#523889

libpng chunk decompression integer overflow vulnerability

Original Release date: 23 Feb 2012 | Last revised: 02 Mar 2012

Overview

The libpng library contains an integer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.

Description

The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format.

The libpng library contains an integer overflow in the png_decompress_chunk() function, which can result in a buffer overflow.
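How an integer overflow in a size calculation becomes a buffer overflow, shown as an added example that is not libpng's code. The advisory does not give the arithmetic involved, so the prefix-plus-expanded-data layout and every name below are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model, not libpng code: the output buffer holds prefix_size
 * bytes of chunk header text, expanded_size inflated bytes, and a NUL. */

/* Unchecked: size_t arithmetic wraps modulo SIZE_MAX + 1, so a huge
 * expanded_size can produce a tiny total and an undersized allocation. */
size_t total_size_unchecked(size_t prefix_size, size_t expanded_size)
{
    return prefix_size + expanded_size + 1;
}

/* Checked: stores the total in *out and returns 0, or -1 if it would wrap. */
int total_size_checked(size_t prefix_size, size_t expanded_size, size_t *out)
{
    if (prefix_size >= SIZE_MAX - 1 ||
        expanded_size >= SIZE_MAX - 1 - prefix_size)
        return -1;
    *out = prefix_size + expanded_size + 1;
    return 0;
}

/* Joins prefix and expanded data; NULL on size overflow or failed malloc. */
char *join_chunk(const char *prefix, size_t prefix_size,
                 const char *expanded, size_t expanded_size, size_t *len_out)
{
    size_t total;
    if (total_size_checked(prefix_size, expanded_size, &total) != 0)
        return NULL; /* reject before allocating or copying anything */
    char *buf = malloc(total);
    if (buf == NULL)
        return NULL;
    memcpy(buf, prefix, prefix_size);
    memcpy(buf + prefix_size, expanded, expanded_size);
    buf[total - 1] = '\0';
    *len_out = total - 1;
    return buf;
}

int main(void)
{
    /* Constructed sizes: 16 + (SIZE_MAX - 8) + 1 wraps to 8. */
    printf("%zu\n", total_size_unchecked(16, SIZE_MAX - 8));
    return 0;
}
```

With the unchecked total, an allocation of 8 bytes would be followed by copies sized from the original, much larger lengths; the checked path refuses the input instead.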

Impact

By causing libpng to process a specially-crafted PNG file (e.g. by visiting a web page, viewing an email, or opening a document), a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the application that uses libpng.

Solution

Apply an update
This issue has been addressed in libpng versions 1.0.57, 1.2.47, 1.4.9, and 1.5.9. Please check with your software vendor for updates that utilize a fixed version of libpng.

Vendor Information

Vendor                    Status        Date Notified  Date Updated
Apple Inc.                Affected      23 Feb 2012    23 Feb 2012
Debian GNU/Linux          Affected      23 Feb 2012    23 Feb 2012
Fedora Project            Affected      23 Feb 2012    23 Feb 2012
Gentoo Linux              Affected      23 Feb 2012    23 Feb 2012
Google                    Affected      23 Feb 2012    23 Feb 2012
Novell, Inc.              Affected      23 Feb 2012    23 Feb 2012
Red Hat, Inc.             Affected      23 Feb 2012    23 Feb 2012
Slackware Linux Inc.      Affected      23 Feb 2012    23 Feb 2012
SUSE Linux                Affected      23 Feb 2012    23 Feb 2012
Ubuntu                    Affected      23 Feb 2012    23 Feb 2012
Juniper Networks, Inc.    Not Affected  23 Feb 2012    02 Mar 2012
Openwall GNU/*/Linux      Not Affected  23 Feb 2012    01 Mar 2012
Conectiva Inc.            Unknown       23 Feb 2012    23 Feb 2012
Cray Inc.                 Unknown       23 Feb 2012    23 Feb 2012
DragonFly BSD Project     Unknown       23 Feb 2012    23 Feb 2012

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A    N/A

Credit

Thanks to Jüri Aedla for reporting this vulnerability to the Google Chrome team.

This document was written by Will Dormann.

Other Information

  • CVE IDs: CVE-2011-3026
  • Date Public: 15 Feb 2012
  • Date First Published: 23 Feb 2012
  • Date Last Updated: 02 Mar 2012
  • Severity Metric: 24.75
  • Document Revision: 6
