CVE-2011-3026

Опубликовано: 16 фев. 2012

Источник: nvd

CVSS2: 6.8

EPSS Средний

Описание

Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.

Ссылки

http://code.google.com/p/chromium/issues/detail?id=112822
Exploit
Vendor Advisory
http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html
Release Notes
Vendor Advisory
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00020.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00023.html
Mailing List
Third Party Advisory
http://secunia.com/advisories/48016
Not Applicable
http://secunia.com/advisories/48110
Not Applicable
http://secunia.com/advisories/49660
Not Applicable
http://security.gentoo.org/glsa/glsa-201206-15.xml
Third Party Advisory
http://support.apple.com/kb/HT5501
Third Party Advisory
http://support.apple.com/kb/HT5503
Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A15032
Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=112822
Exploit
Vendor Advisory
http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html
Release Notes
Vendor Advisory
http://lists.apple.com/archives/security-announce/2012/Sep/msg00003.html
Mailing List
Third Party Advisory
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00020.html
Mailing List
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00023.html
Mailing List
Third Party Advisory
http://secunia.com/advisories/48016
Not Applicable

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*

Версия до 17.0.963.56 (исключая)

Конфигурация 2

Одно из

cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*

Версия до 6.0 (исключая)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Версия от 10.7.0 (включая) до 10.7.5 (исключая)

cpe:2.3:o:apple:mac_os_x:10.6.8:*:*:*:*:*:*:*

cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*

Версия от 10.7.0 (включая) до 10.7.5 (исключая)

cpe:2.3:o:apple:mac_os_x_server:10.6.8:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:*:*:*

cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:sp2:*:*

cpe:2.3:o:suse:suse_linux_enterprise_server:11:sp1:*:*:*:vmware:*:*

EPSS

Процентиль: 97%

0.34687

Средний

6.8 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2011-3026

ubuntu

больше 13 лет назад

CVE-2011-3026

redhat

больше 13 лет назад

CVE-2011-3026

debian

больше 13 лет назад

Integer overflow in libpng, as used in Google Chrome before 17.0.963.5 ...

GHSA-9qqw-9qvw-hj9x

github

больше 3 лет назад

ELSA-2012-0317

oracle-oval

больше 13 лет назад

ELSA-2012-0317: libpng security update (IMPORTANT)

EPSS

Процентиль: 97%

0.34687

Средний

6.8 Medium

CVSS2

Дефекты

CWE-190