Bug 790737 (CVE-2011-3026) - CVE-2011-3026 libpng: Heap buffer overflow in png_decompress_chunk (MFSA 2012-11)
Summary: CVE-2011-3026 libpng: Heap buffer overflow in png_decompress_chunk (MFSA 2012...
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2011-3026
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
high
high
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
: 791030 (view as bug list)
Depends On: 791004 791005 791006 791007 791008 791016 791017 791018 791019 791020 791021 791022 791023 791024 791025 791026 791027 791183 791184 791185 794518
Blocks: 790741
TreeView+ depends on / blocked
 
Reported: 2012-02-15 09:54 UTC by Huzaifa S. Sidhpurwala
Modified: 2021-02-24 13:08 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2012-07-18 09:33:54 UTC
Embargoed:

Attachments (Terms of Use)
1.9.x patch (1009 bytes, patch)
2012-02-15 14:48 UTC, Martin Stransky 		no flags Details | Diff
View All


Links
System ID Private Priority Status Summary Last Updated
Mozilla Foundation 727401 0 -- VERIFIED libpng: integer overflow leading to heap-buffer overflow 2020-01-10 16:57:39 UTC
Red Hat Product Errata RHSA-2012:0140 0 normal SHIPPED_LIVE Critical: thunderbird security update 2012-02-17 00:00:01 UTC
Red Hat Product Errata RHSA-2012:0141 0 normal SHIPPED_LIVE Critical: seamonkey security update 2012-02-16 23:49:42 UTC
Red Hat Product Errata RHSA-2012:0142 0 normal SHIPPED_LIVE Critical: firefox security update 2012-02-16 23:59:54 UTC
Red Hat Product Errata RHSA-2012:0143 0 normal SHIPPED_LIVE Critical: xulrunner security update 2012-02-17 00:11:07 UTC
Red Hat Product Errata RHSA-2012:0317 0 normal SHIPPED_LIVE Important: libpng security update 2012-02-21 00:31:49 UTC

Description Huzaifa S. Sidhpurwala 2012-02-15 09:54:35 UTC 
A heap-based buffer overflow was found in libpng. An attacker could create a carefully crafted PNG file in such a way that it would cause an application linked with libpng to execute arbitrary code when the file was opened by a victim.

Reference:
http://googlechromereleases.blogspot.in/2012/02/chrome-stable-update.html
https://code.google.com/p/chromium/issues/detail?id=112822
Comment 5 Martin Stransky 2012-02-15 14:48:18 UTC 
Created attachment 562240 [details]
1.9.x patch

Patch for 1.9.x, modified file path and chunks.
Comment 19 Vincent Danen 2012-02-16 03:12:13 UTC 
*** Bug 791030 has been marked as a duplicate of this bug. ***
Comment 20 Huzaifa S. Sidhpurwala 2012-02-16 12:34:15 UTC 
Created libpng tracking bugs for this issue

Affects: fedora-all [bug 791183]
Comment 21 Huzaifa S. Sidhpurwala 2012-02-16 12:34:21 UTC 
Created thunderbird tracking bugs for this issue

Affects: fedora-all [bug 791185]
Comment 22 Huzaifa S. Sidhpurwala 2012-02-16 12:34:29 UTC 
Created firefox tracking bugs for this issue

Affects: fedora-all [bug 791184]
Comment 25 errata-xmlrpc 2012-02-16 18:50:07 UTC 
This issue has been addressed in seamonkey in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2012:0141 https://rhn.redhat.com/errata/RHSA-2012-0141.html
Comment 26 errata-xmlrpc 2012-02-16 19:01:24 UTC 
This issue has been addressed in firefox in following products:

  Red Hat Enterprise Linux 4

Via RHSA-2012:0142 https://rhn.redhat.com/errata/RHSA-2012-0142.html
Comment 27 errata-xmlrpc 2012-02-16 19:01:37 UTC 
This issue has been addressed in thunderbird in following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:0140 https://rhn.redhat.com/errata/RHSA-2012-0140.html
Comment 28 errata-xmlrpc 2012-02-16 19:11:45 UTC 
This issue has been addressed in xulrunner in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2012:0143 https://rhn.redhat.com/errata/RHSA-2012-0143.html
Comment 34 Vincent Danen 2012-02-17 21:03:27 UTC 
External References:

http://www.mozilla.org/security/announce/2012/mfsa2012-11.html
Comment 35 errata-xmlrpc 2012-02-20 19:33:01 UTC 
This issue has been addressed in following products:

  Red Hat Enterprise Linux 4
  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2012:0317 https://rhn.redhat.com/errata/RHSA-2012-0317.html
Comment 36 Fedora Update System 2012-02-21 01:29:38 UTC 
libpng-1.2.46-2.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 37 Fedora Update System 2012-02-28 09:53:37 UTC 
libpng-1.2.46-2.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 38 Fedora Update System 2012-02-28 09:59:14 UTC 
libpng10-1.0.57-1.fc15 has been pushed to the Fedora 15 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 39 Fedora Update System 2012-02-28 10:04:19 UTC 
libpng10-1.0.57-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 40 Fedora Update System 2012-02-28 10:47:51 UTC 
libpng-1.5.8-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 41 Fedora Update System 2012-02-28 11:00:15 UTC 
libpng10-1.0.57-1.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 42 Fedora Update System 2012-03-06 07:06:21 UTC 
libpng10-1.0.57-1.el6 has been pushed to the Fedora EPEL 6 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 43 Tomas Hoger 2012-03-08 12:34:30 UTC 
Commits in chromium and mozilla repositories:

http://src.chromium.org/viewvc/chrome?view=rev&revision=121019
http://hg.mozilla.org/releases/mozilla-esr10/rev/cc9013d9ffc1
Note You need to log in before you can comment on or make changes to this bug.