Launchpad.net

CVE 2011-3048

The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.libpng.org/...
CONFIRM: http://www.libpng.org/...
DEBIAN: DSA-2446
REDHAT: RHSA-2012:0523
UBUNTU: USN-1417-1
OSVDB: 80822
SECUNIA: 48587
SECUNIA: 48644
SECUNIA: 48665
SECUNIA: 48721
SECUNIA: 48983
SECTRACK: 1026879
BID: 52830
GENTOO: GLSA-201206-15
SECUNIA: 49660
FEDORA: FEDORA-2012-5515
FEDORA: FEDORA-2012-5518
FEDORA: FEDORA-2012-5526
FEDORA: FEDORA-2012-4902
FEDORA: FEDORA-2012-5079
FEDORA: FEDORA-2012-5080
CONFIRM: http://support.apple.c...
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2012-09-19-1
APPLE: APPLE-SA-2012-09-19-2
XF: libpng-pngsettext2-cod...
MANDRIVA: MDVSA-2012:046

Launchpad.net

CVE 2011-3048

Related bugs

References