ID CVE-2011-3328
Summary The png_handle_cHRM function in pngrutil.c in libpng 1.5.4, when color-correction support is enabled, allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a malformed PNG image containing a cHRM chunk associated with a certain zero value.
References
Vulnerable Configurations
  • cpe:2.3:a:greg_roelofs:libpng:1.5.4:*:*:*:*:*:*:*
CVSS
Base: 2.6 (as of 22-09-2012 - 03:25)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:N/I:N/A:P
refmap via4
apple
  • APPLE-SA-2012-02-01-1
  • APPLE-SA-2012-05-09-1
  • APPLE-SA-2012-09-19-1
cert-vn VU#477046
confirm
Last major update 22-09-2012 - 03:25
Published 17-01-2012 - 19:55
Last modified 22-09-2012 - 03:25