CVE-2011-3045

Published: Mar 22, 2012Modified: Apr 29, 2026

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

Affected (18)

Products: Google: Chrome · Debian: Debian Linux · Fedoraproject: Fedora · +3 more

Show all products

Google: Chrome · Debian: Debian Linux · Fedoraproject: Fedora · Opensuse: Opensuse · Redhat: Enterprise Linux, Enterprise Linux Desktop, Enterprise Linux Server Aus, Enterprise Linux Server Eus, Enterprise Linux Workstation, Gluster Storage, Storage, Storage For Public Cloud · Libpng: Libpng

1 product

1 product

1 product

1 product

8 products

Enterprise Linux Desktop

Enterprise Linux Server Aus

Enterprise Linux Server Eus

Enterprise Linux Workstation

Gluster Storage

Storage

Storage For Public Cloud

Libpng

1 product

Libpng

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Chrome	Before 17.0.963.83

Configuration B

16 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 6.0
Fedoraproject Fedora	Version 15
Fedoraproject Fedora	Version 16
Fedoraproject Fedora	Version 17
Opensuse Opensuse	Version 12.1
Redhat Enterprise Linux	Version 5.0
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Server Aus	Version 6.2
Redhat Enterprise Linux Server Eus	Version 6.2
Redhat Enterprise Linux Workstation	Version 5.0
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Gluster Storage	Version 2.0
Redhat Storage	Version 2.0
Redhat Storage For Public Cloud	Version 2.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Libpng Libpng	Before 1.5.10

Related CWEs

CWE-190

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

CWE-195

Signed to Unsigned Conversion Error

The product uses a signed primitive and performs a cast to an unsigned primitive, which can produce an unexpected value if the value of the signed primitive can not be represented using an unsigned primitive.

References (50)

http://code.google.com/p/chromium/issues/detail?id=116162

Source: cve@mitre.org

Vendor Advisory

http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html

Source: cve@mitre.org

Release NotesVendor Advisory

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b

Source: cve@mitre.org

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-0407.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-0488.html

Source: cve@mitre.org

Third Party Advisory

http://secunia.com/advisories/48320

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/48485

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/48512

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/48554

Source: cve@mitre.org

Not Applicable

http://secunia.com/advisories/49660

Source: cve@mitre.org

Not Applicable

http://security.gentoo.org/glsa/glsa-201206-15.xml

Source: cve@mitre.org

Third Party Advisory

http://src.chromium.org/viewvc/chrome?view=rev&revision=125311

Source: cve@mitre.org

PatchVendor Advisory

http://www.debian.org/security/2012/dsa-2439

Source: cve@mitre.org

Third Party Advisory

http://www.mandriva.com/security/advisories?name=MDVSA-2012:033

Source: cve@mitre.org

Not Applicable

http://www.securitytracker.com/id?1026823

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://bugzilla.redhat.com/show_bug.cgi?id=799000

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763

Source: cve@mitre.org

Third Party Advisory

http://code.google.com/p/chromium/issues/detail?id=116162