{"vuid":"VU#523889","idnumber":"523889","name":"libpng chunk decompression integer overflow vulnerability","keywords":["PNG","chrome","png_decompress_chunk"],"overview":"The libpng library contains an integer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system.","clean_desc":"The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format. The libpng library contains an integer overflow in the png_decompress_chunk() function, which can result in a buffer overflow.","impact":"By causing libpng to process a specially-crafted PNG file (e.g. by visiting a web page, viewing an email, or opening a document), a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the application that uses libpng.","resolution":"Apply an update\nThis issue has been addressed in libpng versions 1.0.57, 1.2.47, 1.4.9, and 1.5.9. \nPlease check with your software vendor for updates that utilize a fixed version of libpng.","workarounds":"","sysaffected":"","thanks":"Thanks to Jüri Aedla for reporting this vulnerability to the Google Chrome team.","author":"This document was written by Will Dormann.","public":["http://libpng.org/pub/png/libpng.html","http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html"],"cveids":["CVE-2011-3026"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-02-23T20:01:32Z","publicdate":"2012-02-15T00:00:00Z","datefirstpublished":"2012-02-23T21:28:02Z","dateupdated":"2012-03-02T22:24:40Z","revision":8,"vrda_d1_directreport":"0","vrda_d1_population":"4","vrda_d1_impact":"4","cam_widelyknown":"16","cam_exploitation":"10","cam_internetinfrastructure":"18","cam_population":"20","cam_impact":"15","cam_easeofexploitation":"5","cam_attackeraccessrequired":"20","cam_scorecurrent":"24.75","cam_scorecurrentwidelyknown":"27","cam_scorecurrentwidelyknownexploited":"32.625","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"ND","cvss_reportconfidence":"ND","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"H","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:ND/TD:H/CR:ND/IR:ND/AR:ND","metric":24.75,"vulnote":null}