Vulnerability Note VU#523889
libpng chunk decompression integer overflow vulnerability
Overview
The libpng library contains an integer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.
Description
The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format. The libpng library contains an integer overflow in the png_decompress_chunk() function, which can result in a buffer overflow. |
Impact
By causing libpng to process a specially-crafted PNG file (e.g. by visiting a web page, viewing an email, or opening a document), a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the application that uses libpng. |
Solution
Apply an update |
Vendor Information (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| Apple Inc. | Affected | 23 Feb 2012 | 23 Feb 2012 |
| Debian GNU/Linux | Affected | 23 Feb 2012 | 23 Feb 2012 |
| Fedora Project | Affected | 23 Feb 2012 | 23 Feb 2012 |
| Gentoo Linux | Affected | 23 Feb 2012 | 23 Feb 2012 |
| Affected | 23 Feb 2012 | 23 Feb 2012 | |
| Novell, Inc. | Affected | 23 Feb 2012 | 23 Feb 2012 |
| Red Hat, Inc. | Affected | 23 Feb 2012 | 23 Feb 2012 |
| Slackware Linux Inc. | Affected | 23 Feb 2012 | 23 Feb 2012 |
| SUSE Linux | Affected | 23 Feb 2012 | 23 Feb 2012 |
| Ubuntu | Affected | 23 Feb 2012 | 23 Feb 2012 |
| Juniper Networks, Inc. | Not Affected | 23 Feb 2012 | 02 Mar 2012 |
| Openwall GNU/*/Linux | Not Affected | 23 Feb 2012 | 01 Mar 2012 |
| Conectiva Inc. | Unknown | 23 Feb 2012 | 23 Feb 2012 |
| Cray Inc. | Unknown | 23 Feb 2012 | 23 Feb 2012 |
| DragonFly BSD Project | Unknown | 23 Feb 2012 | 23 Feb 2012 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://libpng.org/pub/png/libpng.html
- http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html
Credit
Thanks to Jüri Aedla for reporting this vulnerability to the Google Chrome team.
This document was written by Will Dormann.
Other Information
- CVE IDs: CVE-2011-3026
- Date Public: 15 Feb 2012
- Date First Published: 23 Feb 2012
- Date Last Updated: 02 Mar 2012
- Severity Metric: 24.75
- Document Revision: 6
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.