Bug 790737 (CVE-2011-3026) - CVE-2011-3026 libpng: Heap buffer overflow in png_decompress_chunk (MFSA 2012-11)
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-3026
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Duplicates: 791030
Depends On: 791004 791005 791006 791007 791008 791016 791017 791018 791019 791020 791021 791022 791023 791024 791025 791026 791027 791183 791184 791185 794518
Blocks: 790741
 
Reported: 2012-02-15 09:54 UTC by Huzaifa S. Sidhpurwala
Modified: 2019-09-29 12:50 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-07-18 09:33:54 UTC


Attachments
1.9.x patch (1009 bytes, patch)
2012-02-15 14:48 UTC, Martin Stransky


Links
System | ID | Priority | Status | Summary | Last Updated
Mozilla Foundation | 727401 | -- | VERIFIED | libpng: integer overflow leading to heap-buffer overflow | 2020-01-10 16:57:39 UTC
Red Hat Product Errata | RHSA-2012:0140 | normal | SHIPPED_LIVE | Critical: thunderbird security update | 2012-02-17 00:00:01 UTC
Red Hat Product Errata | RHSA-2012:0141 | normal | SHIPPED_LIVE | Critical: seamonkey security update | 2012-02-16 23:49:42 UTC
Red Hat Product Errata | RHSA-2012:0142 | normal | SHIPPED_LIVE | Critical: firefox security update | 2012-02-16 23:59:54 UTC
Red Hat Product Errata | RHSA-2012:0143 | normal | SHIPPED_LIVE | Critical: xulrunner security update | 2012-02-17 00:11:07 UTC
Red Hat Product Errata | RHSA-2012:0317 | normal | SHIPPED_LIVE | Important: libpng security update | 2012-02-21 00:31:49 UTC

Description Huzaifa S. Sidhpurwala 2012-02-15 09:54:35 UTC
A heap-based buffer overflow was found in libpng. An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to execute arbitrary code when the file was opened by a victim.

Reference:
http://googlechromereleases.blogspot.in/2012/02/chrome-stable-update.html
https://code.google.com/p/chromium/issues/detail?id=112822

Comment 5 Martin Stransky 2012-02-15 14:48:18 UTC
Created attachment 562240
1.9.x patch

Patch for 1.9.x, modified file path and chunks.

Comment 19 Vincent Danen 2012-02-16 03:12:13 UTC
*** Bug 791030 has been marked as a duplicate of this bug. ***

Comment 20 Huzaifa S. Sidhpurwala 2012-02-16 12:34:15 UTC
Created libpng tracking bugs for this issue

Affects: fedora-all [bug 791183]

Comment 21 Huzaifa S. Sidhpurwala 2012-02-16 12:34:21 UTC
Created thunderbird tracking bugs for this issue

Affects: fedora-all [bug 791185]

Comment 22 Huzaifa S. Sidhpurwala 2012-02-16 12:34:29 UTC
Created firefox tracking bugs for this issue

Affects: fedora-all [bug 791184]

Comment 25 errata-xmlrpc 2012-02-16 18:50:07 UTC
This issue has been addressed in seamonkey in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2012:0141 https://rhn.redhat.com/errata/RHSA-2012-0141.html

Comment 26 errata-xmlrpc 2012-02-16 19:01:24 UTC
This issue has been addressed in firefox in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2012:0142 https://rhn.redhat.com/errata/RHSA-2012-0142.html

Comment 27 errata-xmlrpc 2012-02-16 19:01:37 UTC
This issue has been addressed in thunderbird in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0140 https://rhn.redhat.com/errata/RHSA-2012-0140.html

Comment 28 errata-xmlrpc 2012-02-16 19:11:45 UTC
This issue has been addressed in xulrunner in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2012:0143 https://rhn.redhat.com/errata/RHSA-2012-0143.html

Comment 34 Vincent Danen 2012-02-17 21:03:27 UTC
External References:

http://www.mozilla.org/security/announce/2012/mfsa2012-11.html

Comment 35 errata-xmlrpc 2012-02-20 19:33:01 UTC
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2012:0317 https://rhn.redhat.com/errata/RHSA-2012-0317.html

Comment 36 Fedora Update System 2012-02-21 01:29:38 UTC
libpng-1.2.46-2.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 37 Fedora Update System 2012-02-28 09:53:37 UTC
libpng-1.2.46-2.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 38 Fedora Update System 2012-02-28 09:59:14 UTC
libpng10-1.0.57-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 39 Fedora Update System 2012-02-28 10:04:19 UTC
libpng10-1.0.57-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 40 Fedora Update System 2012-02-28 10:47:51 UTC
libpng-1.5.8-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 41 Fedora Update System 2012-02-28 11:00:15 UTC
libpng10-1.0.57-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 42 Fedora Update System 2012-03-06 07:06:21 UTC
libpng10-1.0.57-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.

