Vulnerability Details: CVE-2011-2692
The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
Vulnerability category: Overflow, Memory Corruption, Denial of service
Threat overview for CVE-2011-2692
Top open port discovered on systems with this issue: 8200
IPs affected by CVE-2011-2692: 2,320
Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2011-2692
Probability of exploitation activity in the next 30 days: 2.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~88%
CVSS scores for CVE-2011-2692
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST |
8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 2.8 | 5.9 | NIST |
CWE ids for CVE-2011-2692
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2692
- http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement
  PNG and MNG/JNG image formats: home site / Thread: [png-mng-implement] 1.2.x: sCAL pointer issue (Exploit; Issue Tracking; Third Party Advisory)
- http://lists.apple.com/archives/security-announce/2012/May/msg00001.html
  Apple - Lists.apple.com (Mailing List; Third Party Advisory)
- http://support.apple.com/kb/HT5281
  About the security content of OS X Lion v10.7.4 and Security Update 2012-002 - Apple Support (Third Party Advisory)
- http://www.securityfocus.com/bid/48618
  libpng PNG File Denial Of Service Vulnerability (Third Party Advisory; VDB Entry)
- http://www.kb.cert.org/vuls/id/819894
  VU#819894 - libpng invalid sCAL chunk processing vulnerability (Third Party Advisory; US Government Resource)
- http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
  Apple - Lists.apple.com (Mailing List; Third Party Advisory)
- http://www.libpng.org/pub/png/libpng.html
  libpng Home Page (Product; Vendor Advisory)
- http://security.gentoo.org/glsa/glsa-201206-15.xml
  libpng: Multiple vulnerabilities (GLSA 201206-15) — Gentoo security (Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2011/07/13/2
  oss-security - Security issues fixed in libpng 1.5.4 (Mailing List; Third Party Advisory)
- http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=61a2d8a2a7b03023e63eae9a3e64607aaaa6d339
  LIBPNG: PNG reference library / Git tools
- https://bugzilla.redhat.com/show_bug.cgi?id=720612
  720612 – (CVE-2011-2692) CVE-2011-2692 libpng: Invalid read when handling empty sCAL chunks (Issue Tracking; Patch; Third Party Advisory)
- http://www.ubuntu.com/usn/USN-1175-1
  USN-1175-1: libpng vulnerabilities | Ubuntu security notices (Third Party Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68536
  libpng PNG file denial of service CVE-2011-2692 Vulnerability Report (Third Party Advisory; VDB Entry)
- http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html
  [SECURITY] Fedora 14 Update: libpng-1.2.46-1.fc14 (Mailing List; Third Party Advisory)
- http://support.apple.com/kb/HT5002
  About the security content of OS X Lion v10.7.2 and Security Update 2011-006 - Apple Support (Third Party Advisory)
- http://www.debian.org/security/2011/dsa-2287
  Debian -- Security Information -- DSA-2287-1 libpng (Third Party Advisory)
Products affected by CVE-2011-2692
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*