Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-2690

Опубликовано: 17 июл. 2011
Источник: nvd
CVSS3: 8.8
CVSS2: 6.8
EPSS Низкий

Описание

Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
Версия от 1.0.0 (включая) до 1.0.55 (исключая)
cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
Версия от 1.2.0 (включая) до 1.2.45 (исключая)
cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
Версия от 1.4.0 (включая) до 1.4.8 (исключая)
cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
Версия от 1.5.0 (включая) до 1.5.4 (исключая)
Конфигурация 2
cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*

EPSS

Процентиль: 75%
0.00931
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-120

Связанные уязвимости

ubuntu логотип

CVE-2011-2690

CVSS3: 8.8
ubuntu
больше 14 лет назад

Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.

redhat логотип

CVE-2011-2690

redhat
больше 14 лет назад

Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.

debian логотип

CVE-2011-2690

CVSS3: 8.8
debian
больше 14 лет назад

Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1. ...

github логотип

GHSA-45qx-49q8-7q26

CVSS3: 8.8
github
больше 3 лет назад

Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.

oracle-oval логотип

ELSA-2011-1104

oracle-oval
больше 14 лет назад

ELSA-2011-1104: libpng security update (MODERATE)

EPSS

Процентиль: 75%
0.00931
Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-120