CVE-2011-3048

Published: 05/29/2012 20:55:04

The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.

MEDIUM
CVSS v2: 6.8

Status

DocFilters Release	Package	State	Justification	Comment
25.1	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.4	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.4.0	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.3	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.2.1	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.2	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
24.1	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
23.3	libpng (1.6.40)	Not Affected	Code Not Present	1.6.40 does not match CVE configuration.
23.2.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
23.2	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
23.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
22.4	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
22.3	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
22.2	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
22.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.11.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.11	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.8.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.8	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.5.1	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.5.0	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
21.2.0	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
11.4.20	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
11.4.19.3667	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
11.4.18.3599	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
11.4.17	libpng (1.6.37)	Not Affected	Code Not Present	1.6.37 does not match CVE configuration.
11.4.16.3445	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.15.3368	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.14.3263	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.13.3179	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.12.3054	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.11.3040	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.11.2990	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.10.2934	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.9.2878	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.
11.4.8.2822	libpng (1.6.28)	Not Affected	Code Not Present	1.6.28 does not match CVE configuration.

Severity score breakdown

References

NVD
MITRE