Vulnerability Details : CVE-2011-3464
Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow.
Vulnerability category: OverflowExecute codeDenial of service
Products affected by CVE-2011-3464
- cpe:2.3:a:libpng:libpng:1.5.7:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.7:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.3:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.2:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.5:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.6:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.1:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.0:beta:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:libpng:libpng:1.5.4:beta:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-3464
7.47%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 94 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-3464
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2011-3464
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-3464
-
http://www.libpng.org/pub/png/libpng.html
libpng Home Page
-
http://security.gentoo.org/glsa/glsa-201206-15.xml
libpng: Multiple vulnerabilities (GLSA 201206-15) — Gentoo security
Jump to