CVE Vulnerabilities

CVE-2011-2691

NULL Pointer Dereference

Published: Jul 17, 2011 | Modified: Feb 13, 2023
CVSS 3.x
6.5
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V2
4.3 LOW
AV:N/AC:M/Au:N/C:N/I:N/A:P
RedHat/V3
Ubuntu

The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.

Weakness

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Affected Software

Name Vendor Start Version End Version
Libpng Libpng 1.5.0 *
Libpng Libpng 1.4.0 *
Libpng Libpng 1.2.0 *
Libpng Libpng 1.0.0 *
Chromium-browser Ubuntu lucid *
Chromium-browser Ubuntu maverick *
Chromium-browser Ubuntu natty *
Chromium-browser Ubuntu oneiric *
Firefox Ubuntu devel *
Firefox Ubuntu hardy *
Firefox Ubuntu lucid *
Firefox Ubuntu maverick *
Firefox Ubuntu natty *
Firefox Ubuntu oneiric *
Firefox Ubuntu precise *
Libpng Ubuntu upstream *

Potential Mitigations

References