{"vuid":"VU#819894","idnumber":"819894","name":"libpng invalid sCAL chunk processing vulnerability","keywords":["libpng","sCAL","chunk"],"overview":"libpng reads uninitialized memory when processing invalid sCAL chunks.","clean_desc":"When libpng encounters a sCAL chunk that is empty it will read uninitialized memory. libpng also does not properly handle a sCAL chunk that lacks the terminating zero between the two strings conveyed. Additional details can be found on the png-mng-implement mailing list archives.","impact":"By tricking a user into opening a specifically crafted PNG file within an application that uses libpng, an attacker may be able to cause a denial of service crash.","resolution":"Apply an Update\nThis vulnerability is addressed in the following libpng versions: libpng-1.5.4, libpng-1.4.8, libpng-1.2.45, and libpng-1.0.55","workarounds":"","sysaffected":"","thanks":"Thanks to Glenn Randers-Pehrson for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://libpng.sourceforge.net/","http://sourceforge.net/mailarchive/forum.php?thread_name=003101cc2790%24fb5d6e80%24f2184b80%24%40acm.org&forum_name=png-mng-implement"],"cveids":["CVE-2011-2692"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-07-05T15:32:56Z","publicdate":"2011-07-07T00:00:00Z","datefirstpublished":"2011-07-07T18:31:58Z","dateupdated":"2011-07-07T18:39:27Z","revision":12,"vrda_d1_directreport":"1","vrda_d1_population":"4","vrda_d1_impact":"3","cam_widelyknown":"8","cam_exploitation":"15","cam_internetinfrastructure":"8","cam_population":"7","cam_impact":"8","cam_easeofexploitation":"4","cam_attackeraccessrequired":"5","cam_scorecurrent":"0.651","cam_scorecurrentwidelyknown":"0.903","cam_scorecurrentwidelyknownexploited":"1.008","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.651,"vulnote":null}