CVE-2011-2692
libpng: Invalid read when handling empty sCAL chunks
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
La función png_handle_sCAL de pngrutil.c en libpng v1.0.x antes de la v1.0.55, en v1.2.x antes de la v1.2.45, en v1.4.x antes de la v1.4.8, y en v1.5.x antes de la v1.5.4, no controla correctamente fragmentos inválidos SCAL, que permiten a atacantes remotos causar una denegación de servicio (corrupción de memoria y caída de aplicación) o posiblemente tener un impacto no especificado a través de una imagen PNG creada que provoca la lectura de la memoria sin inicializar.
OS X Lion v10.7.4 and Security Update 2012-002 is now available and addresses multiple security issues. An issue existed in the handling of network account logins. The login process recorded sensitive information in the system log, where other users of the system could read it. A temporary file race condition issue existed in blued's initialization routine. There are known attacks on the confidentiality of SSL 3.0 and TLS 1.0 when a cipher suite uses a block cipher in CBC mode. curl disabled the 'empty fragment' countermeasure which prevented these attacks. This issue is addressed by enabling empty fragments. A data injection issue existed in curl's handling of URLs. This issue is addressed through improved validation of URLs. This issue does not affect systems prior to OS X Lion. Various other vulnerabilities have been addressed.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2011-07-11 CVE Reserved
- 2011-07-17 CVE Published
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- 2025-05-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (29)
| URL | Tag | Source |
|---|---|---|
| http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339 | X_refsource_confirm | |
| http://secunia.com/advisories/45046 | Broken Link | |
| http://secunia.com/advisories/45405 | Broken Link | |
| http://secunia.com/advisories/45415 | Broken Link | |
| http://secunia.com/advisories/45445 | Broken Link | |
| http://secunia.com/advisories/45460 | Broken Link | |
| http://secunia.com/advisories/45461 | Broken Link | |
| http://secunia.com/advisories/45492 | Broken Link | |
| http://secunia.com/advisories/49660 | Broken Link | |
| http://support.apple.com/kb/HT5002 | Third Party Advisory |
|
| http://support.apple.com/kb/HT5281 | Third Party Advisory |
|
| http://www.kb.cert.org/vuls/id/819894 | Third Party Advisory |
|
| http://www.openwall.com/lists/oss-security/2011/07/13/2 | Mailing List |
|
| http://www.securityfocus.com/bid/48618 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68536 | Third Party Advisory |
| URL | Date | SRC |
|---|---|---|
| http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement | 2024-08-06 |
| URL | Date | SRC |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=720612 | 2011-07-28 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | >= 1.0.0 < 1.0.55 Search vendor "Libpng" for product "Libpng" and version " >= 1.0.0 < 1.0.55" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | >= 1.2.0 < 1.2.45 Search vendor "Libpng" for product "Libpng" and version " >= 1.2.0 < 1.2.45" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | >= 1.4.0 < 1.4.8 Search vendor "Libpng" for product "Libpng" and version " >= 1.4.0 < 1.4.8" | - |
Affected
| ||||||
| Libpng Search vendor "Libpng" | Libpng Search vendor "Libpng" for product "Libpng" | >= 1.5.0 < 1.5.4 Search vendor "Libpng" for product "Libpng" and version " >= 1.5.0 < 1.5.4" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 14 Search vendor "Fedoraproject" for product "Fedora" and version "14" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 5.0 Search vendor "Debian" for product "Debian Linux" and version "5.0" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 6.0 Search vendor "Debian" for product "Debian Linux" and version "6.0" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 10.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.10" | - |
Affected
| ||||||
| Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 11.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "11.04" | - |
Affected
| ||||||