Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2011-2691

NULL Pointer Dereference

Published: Jul 17, 2011 | Modified: Feb 13, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
4.3 LOW
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2011-2691
CWEhttps://cwe.mitre.org/data/definitions/476.html

The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Libpng Libpng 1.5.0 *
Libpng Libpng 1.4.0 *
Libpng Libpng 1.2.0 *
Libpng Libpng 1.0.0 *
Chromium-browser Ubuntu lucid *
Chromium-browser Ubuntu maverick *
Chromium-browser Ubuntu natty *
Chromium-browser Ubuntu oneiric *
Firefox Ubuntu devel *
Firefox Ubuntu hardy *
Firefox Ubuntu lucid *
Firefox Ubuntu maverick *
Firefox Ubuntu natty *
Firefox Ubuntu oneiric *
Firefox Ubuntu precise *
Libpng Ubuntu upstream *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2023 Aqua Security Software Ltd.   Privacy Policy | Terms of Use