CVE-2011-2691

The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name	Vendor	Start Version	End Version
Libpng	Libpng	1.0.0 (including)	1.0.55 (excluding)
Libpng	Libpng	1.2.0 (including)	1.2.45 (excluding)
Libpng	Libpng	1.4.0 (including)	1.4.8 (excluding)
Libpng	Libpng	1.5.0 (including)	1.5.4 (excluding)

Potential Mitigations

References

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=9dad5e37aef295b4ef8dea39392b652deebc9261
http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html
http://marc.info/?l=bugtraq\u0026m=133951357207000\u0026w=2
http://secunia.com/advisories/45046
http://secunia.com/advisories/45405
http://secunia.com/advisories/45492
http://secunia.com/advisories/49660
http://security.gentoo.org/glsa/glsa-201206-15.xml
http://support.apple.com/kb/HT5002
http://www.debian.org/security/2011/dsa-2287
http://www.libpng.org/pub/png/libpng.html
http://www.mandriva.com/security/advisories?name=MDVSA-2011:151
http://www.openwall.com/lists/oss-security/2011/07/13/2
http://www.securityfocus.com/bid/48660
https://bugzilla.redhat.com/show_bug.cgi?id=720608
https://exchange.xforce.ibmcloud.com/vulnerabilities/68537

NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-2691
CWE	https://cwe.mitre.org/data/definitions/476.html

NULL Pointer Dereference

Weakness

Affected Software

Potential Mitigations

References