Upstream information

CVE-2011-3464 at MITRE

Description

Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.5
Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 745029 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Desktop 12 SP1
  • libpng15-15 >= 1.5.22-2.2
Patchnames:
SUSE Linux Enterprise Desktop 12 SP1 GA libpng15-15
SUSE Linux Enterprise Desktop 12 SP2
  • libpng15-15 >= 1.5.22-4.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP2 GA libpng15-15
SUSE Linux Enterprise Desktop 12 SP3
  • libpng15-15 >= 1.5.22-9.1
Patchnames:
SUSE Linux Enterprise Desktop 12 SP3 GA libpng15-15
SUSE Linux Enterprise Server 12 SP1
  • libpng15-15 >= 1.5.22-2.2
Patchnames:
SUSE Linux Enterprise Server 12 SP1 GA libpng15-15
SUSE Linux Enterprise Server 12 SP2
  • libpng15-15 >= 1.5.22-4.1
Patchnames:
SUSE Linux Enterprise Server 12 SP2 GA libpng15-15
SUSE Linux Enterprise Server 12 SP3
  • libpng15-15 >= 1.5.22-9.1
Patchnames:
SUSE Linux Enterprise Server 12 SP3 GA libpng15-15
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2
  • libpng15-15 >= 1.5.22-4.1
Patchnames:
SUSE Linux Enterprise Server for Raspberry Pi 12 SP2 GA libpng15-15