| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 8.6 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Greg Roelofs libpng up to 1.5.9 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file pngset.c. The manipulation results in memory corruption. This vulnerability is identified as CVE-2011-3048. There is not any exploit available. It is suggested to upgrade the affected component.
Details
A vulnerability, which was classified as critical, was found in Greg Roelofs libpng up to 1.5.9 (Image Processing Software). Affected is an unknown code of the file pngset.c. The manipulation with an unknown input leads to a memory corruption vulnerability. CWE is classifying the issue as CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. This is going to have an impact on confidentiality, integrity, and availability. CVE summarizes:
The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before 1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.
The weakness was released 03/29/2012 by glennrp as confirmed changelog entry (Website). The advisory is shared for download at freecode.com. The public release was coordinated with the vendor. This vulnerability is traded as CVE-2011-3048 since 08/09/2011. The exploitability is told to be difficult. It is possible to launch the attack remotely. A authentication is needed for exploitation. There are known technical details, but no exploit is available.
The vulnerability scanner Nessus provides a plugin with the ID 74594 (openSUSE Security Update : libpng (openSUSE-SU-2012:0491-1)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family SuSE Local Security Checks and running in the context l. The commercial vulnerability scanner Qualys is able to test this issue with plugin 216041 (VMWare ESXi 5.0.0 Patch ESXi500-Update02 Missing (KB2033751)).
Upgrading to version 1.5.10, 1.4.11, 1.2.49 eliminates this vulnerability. A possible mitigation has been published immediately after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (74494), Tenable (74594), SecurityFocus (BID 52830†), OSVDB (80822†) and Secunia (SA48587†). Entries connected to this vulnerability are available at VDB-4291, VDB-4514, VDB-4515 and VDB-4518. VulDB is the best source for vulnerability data and more expert information about this specific topic.
Product
Type
Vendor
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 9.9VulDB Meta Temp Score: 8.6
VulDB Base Score: 9.9
VulDB Temp Score: 8.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Memory corruptionCWE: CWE-119
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Unproven
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 74594
Nessus Name: openSUSE Security Update : libpng (openSUSE-SU-2012:0491-1)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Context: 🔍
Nessus Port: 🔍
OpenVAS ID: 71250
OpenVAS Name: Debian Security Advisory DSA 2446-1 (libpng)
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Upgrade: libpng 1.5.10, 1.4.11, 1.2.49
Timeline
08/09/2011 🔍03/29/2012 🔍
03/29/2012 🔍
03/30/2012 🔍
03/30/2012 🔍
03/31/2012 🔍
04/04/2012 🔍
05/29/2012 🔍
06/13/2014 🔍
03/22/2021 🔍
Sources
Advisory: freecode.comResearcher: glennrp
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2011-3048 (🔍)
GCVE (CVE): GCVE-0-2011-3048
GCVE (VulDB): GCVE-100-5016
OVAL: 🔍
X-Force: 74494 - libpng png_set_text_2() code execution, High Risk
SecurityFocus: 52830
Secunia: 48587 - libpng "png_set_text_2()" Memory Corruption Vulnerability, Moderately Critical
OSVDB: 80822
SecurityTracker: 1026879 - libpng png_set_text_2() Memory Corruption Error May Let Remote Users Execute Arbitrary Code
See also: 🔍
Entry
Created: 04/04/2012 10:06Updated: 03/22/2021 14:22
Changes: 04/04/2012 10:06 (82), 08/18/2017 13:50 (3), 03/22/2021 14:16 (4), 03/22/2021 14:22 (1)
Complete: 🔍
Cache ID: 216:0BF:103
VulDB is the best source for vulnerability data and more expert information about this specific topic.
No comments yet. Languages: en.
Please log in to comment.