CVE-2011-3328 — Roelofs Libpng vulnerability

5 documents5 sources

Severity

2.6LOWNVD

EPSS

7.8%

top 8.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Greg Roelofs Libpng

Timeline

PublishedJan 17

Latest updateMay 17

Description

The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value.

CVSS vector

AV:N/AC:H/C:N/I:N/A:PExploitability: 4.9 | Impact: 2.9

Affected Packages1 packages

▶NVDgreg_roelofs/libpng1.5.4

Patches

Patch: libpng.org ↗Patch: www.kb.cert.org ↗Patch: libpng.org ↗

🔴Vulnerability Details

GHSA

GHSA-8rjx-6w92-3m27: The png_handle_cHRM function in pngrutil↗2022-05-17

▶

CVEList

CVE-2011-3328: The png_handle_cHRM function in pngrutil↗2012-01-17

▶

📋Vendor Advisories

Red Hat

libpng: malformed cHRM divide-by-zero vulnerability in 1.5.4↗2011-09-22

▶

💬Community

Bugzilla

CVE-2011-3328 libpng: malformed cHRM divide-by-zero vulnerability in 1.5.4↗2011-09-23

▶