// For flags

CVE-2011-2501

libpng: regression of CVE-2004-0421 in 1.2.23+

Severity Score

6.5
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message data. NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-by-one error by some sources.

La función png_format_buffer en pngerror.c en libpng v1.0.x antes de v1.0.55, en v1.2.x antes de v1.2.45, en v1.4.x antes de v1.4.8, y en v1.5.x antesde v1.5.4, permite a atacantes remotos causar una denegación de servicio (caída de aplicación) a través de una imagen PNG creada que desencadena una lectura out-of-bounds durante la copia de los datos del mensaje de error. NOTA: esta vulnerabilidad existe debido a una regresión CVE-2004-0421.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2011-06-15 CVE Reserved
  • 2011-07-17 CVE Published
  • 2023-08-05 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-125: Out-of-bounds Read
CAPEC
References (24)
URL Tag Source
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=65e6d5a34f49acdb362a0625a706c6b914e670af X_refsource_confirm
http://secunia.com/advisories/45046 Broken Link
http://secunia.com/advisories/45289 Broken Link
http://secunia.com/advisories/45405 Broken Link
http://secunia.com/advisories/45415 Broken Link
http://secunia.com/advisories/45460 Broken Link
http://secunia.com/advisories/45486 Broken Link
http://secunia.com/advisories/45492 Broken Link
http://secunia.com/advisories/49660 Broken Link
http://www.securityfocus.com/bid/48474 Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/68517 Third Party Advisory
URL Date SRC
http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com&forum_name=png-mng-implement 2024-08-06
URL Date SRC
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.617466 2023-11-07
http://www.openwall.com/lists/oss-security/2011/06/27/13 2023-11-07
http://www.openwall.com/lists/oss-security/2011/06/28/16 2023-11-07
https://bugzilla.redhat.com/show_bug.cgi?id=717084 2011-07-28
URL Date SRC
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062720.html 2023-11-07
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html 2023-11-07
http://security.gentoo.org/glsa/glsa-201206-15.xml 2023-11-07
http://www.debian.org/security/2011/dsa-2287 2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2011:151 2023-11-07
http://www.redhat.com/support/errata/RHSA-2011-1105.html 2023-11-07
http://www.ubuntu.com/usn/USN-1175-1 2023-11-07
https://access.redhat.com/security/cve/CVE-2011-2501 2011-07-28
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Libpng
Search vendor "Libpng"
 Libpng
Search vendor "Libpng" for product "Libpng"
 >= 1.0.0 < 1.0.55
Search vendor "Libpng" for product "Libpng" and version " >= 1.0.0 < 1.0.55"
-
Affected
Libpng
Search vendor "Libpng"
 Libpng
Search vendor "Libpng" for product "Libpng"
 >= 1.2.0 < 1.2.45
Search vendor "Libpng" for product "Libpng" and version " >= 1.2.0 < 1.2.45"
-
Affected
Libpng
Search vendor "Libpng"
 Libpng
Search vendor "Libpng" for product "Libpng"
 >= 1.4.0 < 1.4.8
Search vendor "Libpng" for product "Libpng" and version " >= 1.4.0 < 1.4.8"
-
Affected
Libpng
Search vendor "Libpng"
 Libpng
Search vendor "Libpng" for product "Libpng"
 >= 1.5.0 < 1.5.4
Search vendor "Libpng" for product "Libpng" and version " >= 1.5.0 < 1.5.4"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 14
Search vendor "Fedoraproject" for product "Fedora" and version "14"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 5.0
Search vendor "Debian" for product "Debian Linux" and version "5.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 6.0
Search vendor "Debian" for product "Debian Linux" and version "6.0"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 8.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 10.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 10.10
Search vendor "Canonical" for product "Ubuntu Linux" and version "10.10"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 11.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "11.04"
-
Affected