Skip to navigation

CVE Database

CVE-2011-3026

Impact: Important
Public: 2012-02-16
Bugzilla: 790737: CVE-2011-3026 libpng: Heap buffer overflow in png_decompress_chunk (MFSA 2012-11)

Details

The MITRE CVE dictionary describes this issue as:

Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.

Find out more about CVE-2011-3026 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 6.8
Base Metrics: AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

Platform Errata Release Date
Red Hat Enterprise Linux version 4 RHSA-2012:0317 February 20, 2012
Red Hat Enterprise Linux version 4 (firefox) RHSA-2012:0142 February 16, 2012
Red Hat Enterprise Linux version 4 (seamonkey) RHSA-2012:0141 February 16, 2012
Red Hat Enterprise Linux version 5 (libpng) RHSA-2012:0317 February 20, 2012
Red Hat Enterprise Linux version 5 (xulrunner) RHSA-2012:0143 February 16, 2012
Red Hat Enterprise Linux version 6 (libpng) RHSA-2012:0317 February 20, 2012
Red Hat Enterprise Linux version 6 (thunderbird) RHSA-2012:0140 February 16, 2012
Red Hat Enterprise Linux version 6 (xulrunner) RHSA-2012:0143 February 16, 2012

External References

http://www.mozilla.org/security/announce/2012/mfsa2012-11.html

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.