Upstream information

CVE-2011-3045 at MITRE

Description

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.8
Vector AV:N/AC:M/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entries: 752008 [RESOLVED / FIXED], 754456 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12
  • libpng12-0 >= 1.2.50-8.21
  • libpng12-0-32bit >= 1.2.50-8.21
Patchnames:
SUSE Linux Enterprise Desktop 12 GA libpng12-0
SUSE Linux Enterprise Desktop 12 SP1
  • libpng12-0 >= 1.2.50-8.21
  • libpng12-0-32bit >= 1.2.50-8.21
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libpng12-0
SUSE Linux Enterprise Desktop 12 SP2
  • libpng12-0 >= 1.2.50-13.1
  • libpng12-0-32bit >= 1.2.50-13.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libpng12-0
SUSE Linux Enterprise Desktop 12 SP3
  • libpng12-0 >= 1.2.50-19.1
  • libpng12-0-32bit >= 1.2.50-19.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA libpng12-0
SUSE Linux Enterprise Module for Basesystem 15
  • libpng12-0 >= 1.2.57-2.18
  • libpng12-devel >= 1.2.57-2.18
Patchnames:
SUSE Linux Enterprise Module for Basesystem 15 GA libpng12-0
SUSE Linux Enterprise Server 12
  • libpng12-0 >= 1.2.50-8.21
  • libpng12-0-32bit >= 1.2.50-8.21
Patchnames:
SUSE Linux Enterprise Server 12 GA libpng12-0
SUSE Linux Enterprise Server 12 SP1
  • libpng12-0 >= 1.2.50-8.21
  • libpng12-0-32bit >= 1.2.50-8.21
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libpng12-0
SUSE Linux Enterprise Server 12 SP2
  • libpng12-0 >= 1.2.50-13.1
  • libpng12-0-32bit >= 1.2.50-13.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libpng12-0
SUSE Linux Enterprise Server 12 SP3
  • libpng12-0 >= 1.2.50-19.1
  • libpng12-0-32bit >= 1.2.50-19.1
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA libpng12-0
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libpng12-0 >= 1.2.50-13.1
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libpng12-0
SUSE Linux Enterprise Software Development Kit 12
  • libpng12-compat-devel >= 1.2.50-8.21
  • libpng12-devel >= 1.2.50-8.21
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 GA libpng12-compat-devel
SUSE Linux Enterprise Software Development Kit 12 SP1
  • libpng12-compat-devel >= 1.2.50-8.21
  • libpng12-devel >= 1.2.50-8.21
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP1 GA libpng12-compat-devel
SUSE Linux Enterprise Software Development Kit 12 SP2
  • libpng12-compat-devel >= 1.2.50-13.1
  • libpng12-devel >= 1.2.50-13.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP2 GA libpng12-compat-devel
SUSE Linux Enterprise Software Development Kit 12 SP3
  • libpng12-compat-devel >= 1.2.50-19.1
  • libpng12-devel >= 1.2.50-19.1
Patchnames:
SUSE Linux Enterprise Software Development Kit 12 SP3 GA libpng12-compat-devel
openSUSE 11.4
  • libpng12 >= 1.2.48-13.1
  • libpng12-0 >= 1.2.48-13.1
  • libpng12-0-32bit >= 1.2.48-13.1
  • libpng12-0-debuginfo >= 1.2.48-13.1
  • libpng12-0-debuginfo-32bit >= 1.2.48-13.1
  • libpng12-compat-devel >= 1.2.48-13.1
  • libpng12-compat-devel-32bit >= 1.2.48-13.1
  • libpng12-debugsource >= 1.2.48-13.1
  • libpng12-devel >= 1.2.48-13.1
  • libpng12-devel-32bit >= 1.2.48-13.1
  • libpng14 >= 1.4.4-17.1
  • libpng14-14 >= 1.4.4-17.1
  • libpng14-14-32bit >= 1.4.4-17.1
  • libpng14-14-debuginfo >= 1.4.4-17.1
  • libpng14-14-debuginfo-32bit >= 1.4.4-17.1
  • libpng14-compat-devel >= 1.4.4-17.1
  • libpng14-compat-devel-32bit >= 1.4.4-17.1
  • libpng14-debugsource >= 1.4.4-17.1
  • libpng14-devel >= 1.4.4-17.1
  • libpng14-devel-32bit >= 1.4.4-17.1
Patchnames:
openSUSE-2012-186
openSUSE Leap 15.0
  • chromium >= 66.0.3359.170-lp150.1.1
Patchnames:
openSUSE Leap 15.0 GA chromium
openSUSE Leap 42.1
  • libpng12-0 >= 1.2.50-3.2
  • libpng12-0-32bit >= 1.2.50-3.2
  • libpng12-devel >= 1.2.50-3.2
Patchnames:
openSUSE Leap 42.1 GA libpng12-0
openSUSE Leap 42.2
  • libpng12-0 >= 1.2.50-9.1
  • libpng12-0-32bit >= 1.2.50-9.1
  • libpng12-devel >= 1.2.50-9.1
Patchnames:
openSUSE Leap 42.2 GA libpng12-0
openSUSE Leap 42.3
  • libpng12-0 >= 1.2.50-12.3
  • libpng12-0-32bit >= 1.2.50-12.3
  • libpng12-devel >= 1.2.50-12.3
Patchnames:
openSUSE Leap 42.3 GA libpng12-0
openSUSE Tumbleweed
  • chromedriver >= 55.0.2883.75-3.1
  • chromium >= 55.0.2883.75-3.1
  • libpng12-0 >= 1.2.56-1.5
  • libpng12-0-32bit >= 1.2.56-1.5
  • libpng12-compat-devel >= 1.2.56-1.5
  • libpng12-compat-devel-32bit >= 1.2.56-1.5
  • libpng12-devel >= 1.2.56-1.5
  • libpng12-devel-32bit >= 1.2.56-1.5
Patchnames:
openSUSE Tumbleweed GA chromedriver
openSUSE Tumbleweed GA libpng12-0