CVE-2011-2501
First published: Mon Jun 27 2011(Updated: )
It was reported [1] that the fix for <a href="https://access.redhat.com/security/cve/CVE-2004-0421">CVE-2004-0421</a> in libpng was inadvertently reverted during the 1.2.23 development cycle. The original flaw could be used to cause a denial of service via a carefully-crafted PNG image. This would affect all versions of libpng >=1.2.23, including 1.4.x and 1.5.x. [1] <a href="http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com&forum_name=png-mng-implement">http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com&forum_name=png-mng-implement</a>
Credit: secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Libpng Libpng | >=1.5.0<1.5.4 | |
| Libpng Libpng | >=1.4.0<1.4.8 | |
| Libpng Libpng | >=1.2.0<1.2.45 | |
| Libpng Libpng | >=1.0.0<1.0.55 | |
| Fedoraproject Fedora | =14 | |
| Debian Debian Linux | =5.0 | |
| Debian Debian Linux | =6.0 | |
| Canonical Ubuntu Linux | =10.10 | |
| Canonical Ubuntu Linux | =11.04 | |
| Canonical Ubuntu Linux | =10.04 | |
| Canonical Ubuntu Linux | =8.04 | |
| redhat/libpng | <1.4.8 | 1.4.8 |
Remedy
http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.617466
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/45046
- http://www.securityfocus.com/bid/48474
- http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=65e6d5a34f49acdb362a0625a706c6b914e670af
- http://www.openwall.com/lists/oss-security/2011/06/28/16
- https://bugzilla.redhat.com/show_bug.cgi?id=717084
- http://sourceforge.net/mailarchive/forum.php?thread_name=BANLkTikrnU6FJNQYFvwmt78hwpgKPVRd1Q%40mail.gmail.com&forum_name=png-mng-implement
- http://www.openwall.com/lists/oss-security/2011/06/27/13
- http://secunia.com/advisories/45415
- http://secunia.com/advisories/45486
- http://secunia.com/advisories/45289
- http://secunia.com/advisories/45460
- http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.617466
- http://www.debian.org/security/2011/dsa-2287
- http://secunia.com/advisories/45405
- http://www.redhat.com/support/errata/RHSA-2011-1105.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-July/062720.html
- http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html
- http://www.ubuntu.com/usn/USN-1175-1
- http://secunia.com/advisories/45492
- http://www.mandriva.com/security/advisories?name=MDVSA-2011:151
- http://secunia.com/advisories/49660
- http://security.gentoo.org/glsa/glsa-201206-15.xml
- https://exchange.xforce.ibmcloud.com/vulnerabilities/68517
- https://access.redhat.com/security/cve/CVE-2004-0421
- http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=65e6d5a34f49acdb362a0625a706c6b914e670af
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=717509
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=717512
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=717513
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=717510
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=717511
- https://rhn.redhat.com/errata/RHSA-2011-1105.html
- http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=65e6d5a34f49acdb362a0625a706c6b914e670af
- collector/nvd-historical
- collector/nvd-index
- collector/nvd-api
- agent/references
- agent/author
- agent/type
- agent/remedy
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/last-modified-date
- agent/description
- agent/severity
- agent/tags
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-2501
- agent/software-canonical-lookup
- vendor/libpng
- canonical/libpng libpng
- version/libpng libpng/1.5.0
- version/libpng libpng/1.4.0
- version/libpng libpng/1.2.0
- version/libpng libpng/1.0.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/14
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/5.0
- version/debian debian linux/6.0
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/10.10
- version/canonical ubuntu linux/11.04
- version/canonical ubuntu linux/10.04
- version/canonical ubuntu linux/8.04
- package-manager/redhat