CVE-2011-3045

Publication date 20 March 2012

Last updated 24 July 2024


Ubuntu priority

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

Read the notes from the security team

Status

Package Ubuntu Release Status
chromium-browser 12.04 LTS precise
Not affected
11.10 oneiric
Not affected
11.04 natty
Not affected
10.10 maverick
Not affected
10.04 LTS lucid
Not affected
8.04 LTS hardy Not in release
firefox 12.04 LTS precise
Not affected
11.10 oneiric
Not affected
11.04 natty
Not affected
10.10 maverick Ignored end of life
10.04 LTS lucid
Not affected
8.04 LTS hardy Ignored end of life
libpng 12.04 LTS precise
Fixed 1.2.46-3ubuntu3
11.10 oneiric
Fixed 1.2.46-3ubuntu1.2
11.04 natty
Fixed 1.2.44-1ubuntu3.3
10.10 maverick
Fixed 1.2.44-1ubuntu0.3
10.04 LTS lucid
Fixed 1.2.42-1ubuntu2.4
8.04 LTS hardy
Fixed 1.2.15~beta5-3ubuntu0.6
thunderbird 12.04 LTS precise
Not affected
11.10 oneiric
Not affected
11.04 natty
Not affected
10.10 maverick Ignored end of life
10.04 LTS lucid
Not affected
8.04 LTS hardy Ignored end of life

Notes


jdstrand

firefox and thunderbird 16 are not affected

References

Related Ubuntu Security Notices (USN)

Other references