CVE-2011-3328

NameCVE-2011-3328
DescriptionThe png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libpngsource(unstable)(not affected)

Notes

- libpng <not-affected> (Introduced in 1.5.4, which was only in experimental and which has been fixed since then)

Search for package or bug name: Reporting problems