Executive Summary
Summary | |
---|---|
Title | Libpng 1.5.0 png_set_rgb_to_gray() vulnerability |
Information | |||
---|---|---|---|
Name | VU#643140 | First vendor Publication | 2011-01-11 |
Vendor | VU-CERT | Last vendor Modification | 2011-02-03 |
Severity (Vendor) | N/A | Revision | M |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Vulnerability Note VU#643140
Libpng 1.5.0 png_set_rgb_to_gray() vulnerability

Overview
Libpng-1.5.0 introduced a vulnerability in the rgb-to-gray transform function.

I. Description
Libpng based applications that call the png_set_rgb_to_gray() function from pngrtran.c are vulnerable. Libpng versions prior to 1.5.0 are not vulnerable.

II. Impact
An attacker may cause the application to crash or execute arbitrary code as the user.

III. Solution
Apply an Update
Upgrade to version 1.5.1.

References
http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org&forum_name=png-mng-implement

Thanks to Glenn Randers-Pehrson for reporting this vulnerability. This document was written by Jared Allar.
Original Source
Url : http://www.kb.cert.org/vuls/id/643140 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
70417 | libpng pngrtran.c png_do_rgb_to_gray() Function PNG File Handling Overflow libpng is prone to an overflow condition. The 'png_do_expand_palette()' and 'png_do_rgb_to_gray()' functions in 'pngrtran.c' fail to properly sanitize user-supplied input resulting in a buffer overflow. With a specially crafted PNG file, a context-dependent attacker can cause a denial of service. It is possible, though not yet confirmed, that this vulnerability may also be exploited to allow an attacker to execute arbitrary code. |