CVE-2011-2692

NameCVE-2011-2692
DescriptionThe png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2287-1
NVD severitymedium
Debian Bugs633871

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libpngsourcelenny1.2.27-2+lenny5DSA-2287-1
libpngsourcesqueeze1.2.44-1+squeeze1DSA-2287-1
libpngsource(unstable)1.2.46-1low633871

Search for package or bug name: Reporting problems