CVE-2011-3464

Published Jul 22, 2012

Last updated 13 years ago

CVSS info 7.5

Overview

Description: Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow.
Source: product-security@apple.com
NVD status: Analyzed

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-189

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.5.0:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8BA2974-AF9F-4382-B443-F54354B5623A"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CE8BC209-45B9-44D6-A26D-0B570ED5BB19"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.5.1:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "468B1A0E-AF58-42C4-9801-D6F83F283360"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6644ED2F-66F3-469D-8233-72FE7321E850"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.5.2:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B36D610D-F86A-4D46-B0F2-884FFA601C69"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.5.3:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C8A976DD-87FA-425D-8E07-E3CFC4D3FD05"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F34978D-6ABE-463E-AB48-21CC55B7D157"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.5.4:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3716FF0E-AD20-46F8-B8F6-3EC42D427C90"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7A4568BB-F5FF-4BBB-9DA3-E66C2BFA2416"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.5.5:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E5300EC4-B3A0-42C5-8D39-67AB75C47153"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "246CF13F-FDC1-499E-9FC1-5624D54E9E3F"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.5.6:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D5840A8E-AB64-40A9-8BB6-EB6BA51D40B4"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AC66FD43-421B-4223-BA32-EC47B51E1091"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:1.5.7:beta:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EEC9D57C-47F2-4773-85B6-FFB0C4681E0C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References