CVE
- Id
- 50960
- CVE No.
- CVE-2011-3048
- Status
- Candidate
- Description
- The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
- Phase
- Assigned (20110809)
- Votes
- None (candidate not yet proposed)
- Comments
Related CVE References
| Id | CVE Id | CVE No. | Reference | Actions |
|---|---|---|---|---|
| 549888 | 50960 | CVE-2011-3048 | CONFIRM:http://www.libpng.org/pub/png/libpng.html | View |
| 549889 | 50960 | CVE-2011-3048 | CONFIRM:http://www.libpng.org/pub/png/src/libpng-1.5.10-README.txt | View |
| 549890 | 50960 | CVE-2011-3048 | CONFIRM:http://support.apple.com/kb/HT5501 | View |
| 549891 | 50960 | CVE-2011-3048 | CONFIRM:http://support.apple.com/kb/HT5503 | View |
| 549892 | 50960 | CVE-2011-3048 | APPLE:APPLE-SA-2012-09-19-1 | View |
| 549893 | 50960 | CVE-2011-3048 | URL:http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html | View |
| 549894 | 50960 | CVE-2011-3048 | APPLE:APPLE-SA-2012-09-19-2 | View |
| 549895 | 50960 | CVE-2011-3048 | URL:http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html | View |
| 549896 | 50960 | CVE-2011-3048 | DEBIAN:DSA-2446 | View |
| 549897 | 50960 | CVE-2011-3048 | URL:http://www.debian.org/security/2012/dsa-2446 | View |
| 549898 | 50960 | CVE-2011-3048 | FEDORA:FEDORA-2012-5515 | View |
| 549899 | 50960 | CVE-2011-3048 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079039.html | View |
| 549900 | 50960 | CVE-2011-3048 | FEDORA:FEDORA-2012-5518 | View |
| 549901 | 50960 | CVE-2011-3048 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-April/079051.html | View |
| 549902 | 50960 | CVE-2011-3048 | FEDORA:FEDORA-2012-5526 | View |
| 549903 | 50960 | CVE-2011-3048 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077472.html | View |
| 549904 | 50960 | CVE-2011-3048 | FEDORA:FEDORA-2012-4902 | View |
| 549905 | 50960 | CVE-2011-3048 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077819.html | View |
| 549906 | 50960 | CVE-2011-3048 | FEDORA:FEDORA-2012-5079 | View |
| 549907 | 50960 | CVE-2011-3048 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077007.html | View |
| 549908 | 50960 | CVE-2011-3048 | FEDORA:FEDORA-2012-5080 | View |
| 549909 | 50960 | CVE-2011-3048 | URL:http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077043.html | View |
| 549910 | 50960 | CVE-2011-3048 | GENTOO:GLSA-201206-15 | View |
| 549911 | 50960 | CVE-2011-3048 | URL:http://security.gentoo.org/glsa/glsa-201206-15.xml | View |
| 549912 | 50960 | CVE-2011-3048 | REDHAT:RHSA-2012:0523 | View |
| 549913 | 50960 | CVE-2011-3048 | URL:http://rhn.redhat.com/errata/RHSA-2012-0523.html | View |
| 549914 | 50960 | CVE-2011-3048 | UBUNTU:USN-1417-1 | View |
| 549915 | 50960 | CVE-2011-3048 | URL:http://ubuntu.com/usn/usn-1417-1 | View |
| 549916 | 50960 | CVE-2011-3048 | BID:52830 | View |
| 549917 | 50960 | CVE-2011-3048 | URL:http://www.securityfocus.com/bid/52830 | View |
| 549918 | 50960 | CVE-2011-3048 | OSVDB:80822 | View |
| 549919 | 50960 | CVE-2011-3048 | URL:http://www.osvdb.org/80822 | View |
| 549920 | 50960 | CVE-2011-3048 | SECTRACK:1026879 | View |
| 549921 | 50960 | CVE-2011-3048 | URL:http://www.securitytracker.com/id?1026879 | View |
| 549922 | 50960 | CVE-2011-3048 | SECUNIA:48587 | View |
| 549923 | 50960 | CVE-2011-3048 | URL:http://secunia.com/advisories/48587 | View |
| 549924 | 50960 | CVE-2011-3048 | SECUNIA:48644 | View |
| 549925 | 50960 | CVE-2011-3048 | URL:http://secunia.com/advisories/48644 | View |
| 549926 | 50960 | CVE-2011-3048 | SECUNIA:48665 | View |
| 549927 | 50960 | CVE-2011-3048 | URL:http://secunia.com/advisories/48665 | View |
| 549928 | 50960 | CVE-2011-3048 | SECUNIA:48721 | View |
| 549929 | 50960 | CVE-2011-3048 | URL:http://secunia.com/advisories/48721 | View |
| 549930 | 50960 | CVE-2011-3048 | SECUNIA:48983 | View |
| 549931 | 50960 | CVE-2011-3048 | URL:http://secunia.com/advisories/48983 | View |
| 549932 | 50960 | CVE-2011-3048 | SECUNIA:49660 | View |
| 549933 | 50960 | CVE-2011-3048 | URL:http://secunia.com/advisories/49660 | View |
| 549934 | 50960 | CVE-2011-3048 | XF:libpng-pngsettext2-code-execution(74494) | View |
Related JVN
| Id | JVN No. | Title | Summary | CVE No. | CVE Id | CVSS_v2 | CVSS_v3 | JVN URL | Actions |
|---|---|---|---|---|---|---|---|---|---|
| 26212 | JVNDB-2012-001919 | 複数の製品で使用される Webkit におけるサービス運用妨害 (DoS) の脆弱性 | Google Chrome には、block splitting の処理に不備があるため、サービス運用妨害 (DoS) 状態となる、またはその他の詳細不明な影響を受ける脆弱性が存在します。 | CVE-2011-3053 | 50960 | 7.5 | http://jvndb.jvn.jp/ja/contents/2012/JVNDB-2012-001919.html | View |
