===================================================================== CERT-Renater Note d'Information No. 2012/VULN101 _____________________________________________________________________ DATE : 08/03/2012 HARDWARE PLATFORM(S): / OPERATING SYSTEM(S) : Systems running libpng versions versions 1.0.57, 1.2.47, 1.4.9, 1.5.9. ====================================================================== http://www.kb.cert.org/vuls/id/523889 _______________________________________________________________________ Vulnerability Note VU#523889 libpng chunk decompression integer overflow vulnerability Overview The libpng library contains an integer overflow vulnerability that may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. I. Description The Portable Network Graphics (PNG) image format is used as an alternative to other image formats such as the Graphics Interchange Format (GIF). The libpng reference library is available for application developers to support the PNG image format. The libpng library contains an integer overflow in the png_decompress_chunk() function, which can result in a buffer overflow. II. Impact By causing libpng to process a specially-crafted PNG file (e.g. by visiting a web page, viewing an email, or opening a document), a remote, unauthenticated attacker may be able to execute arbitrary code with the privileges of the application that uses libpng. III. Solution Apply an update This issue has been addressed in libpng versions 1.0.57, 1.2.47, 1.4.9, and 1.5.9. Please check with your software vendor for updates that utilize a fixed version of libpng. Vendor Information Vendor Status Date Notified Date Updated Apple Inc. Affected 2012-02-23 2012-02-23 Conectiva Inc. Unknown 2012-02-23 2012-02-23 Cray Inc. Unknown 2012-02-23 2012-02-23 Debian GNU/Linux Affected 2012-02-23 2012-02-23 DragonFly BSD Project Unknown 2012-02-23 2012-02-23 EMC Corporation Unknown 2012-02-23 2012-02-23 Engarde Secure Linux Unknown 2012-02-23 2012-02-23 F5 Networks, Inc. Unknown 2012-02-23 2012-02-23 Fedora Project Affected 2012-02-23 2012-02-23 FreeBSD Project Unknown 2012-02-23 2012-02-23 Fujitsu Unknown 2012-02-23 2012-02-23 Gentoo Linux Affected 2012-02-23 2012-02-23 Google Affected 2012-02-23 2012-02-23 Hewlett-Packard Company Unknown 2012-02-23 2012-02-23 Hitachi Unknown 2012-02-23 2012-02-23 IBM Corporation Unknown 2012-02-23 2012-02-23 IBM Corporation (zseries) Unknown 2012-02-23 2012-02-23 IBM eServer Unknown 2012-02-23 2012-02-23 Infoblox Unknown 2012-02-23 2012-02-23 Juniper Networks, Inc. Not Affected 2012-02-23 2012-03-02 Mandriva S. A. Unknown 2012-02-23 2012-02-23 Microsoft Corporation Unknown 2012-02-23 2012-02-23 MontaVista Software, Inc. Unknown 2012-02-23 2012-02-23 NEC Corporation Unknown 2012-02-23 2012-02-23 NetBSD Unknown 2012-02-23 2012-02-23 Nokia Unknown 2012-02-23 2012-02-23 Novell, Inc. Affected 2012-02-23 2012-02-23 OpenBSD Unknown 2012-02-23 2012-02-23 Openwall GNU/*/Linux Not Affected 2012-02-23 2012-03-01 Oracle Corporation Unknown 2012-02-23 2012-02-23 QNX Software Systems Inc. Unknown 2012-02-23 2012-02-23 Red Hat, Inc. Affected 2012-02-23 2012-02-23 SafeNet Unknown 2012-02-23 2012-02-23 Silicon Graphics, Inc. Unknown 2012-02-23 2012-02-23 Slackware Linux Inc. Affected 2012-02-23 2012-02-23 Sony Corporation Unknown 2012-02-23 2012-02-23 Sun Microsystems, Inc. Unknown 2012-02-23 2012-02-23 SUSE Linux Affected 2012-02-23 2012-02-23 The SCO Group Unknown 2012-02-23 2012-02-23 Turbolinux Unknown 2012-02-23 2012-02-23 Ubuntu Affected 2012-02-23 2012-02-23 Unisys Unknown 2012-02-23 2012-02-23 Wind River Systems, Inc. Unknown 2012-02-23 2012-02-23 References http://libpng.org/pub/png/libpng.html http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html Credit Thanks to Jüri Aedla for reporting this vulnerability to the Google Chrome team. This document was written by Will Dormann. Other Information Date Public: 2012-02-15 Date First Published: 2012-02-23 Date Last Updated: 2012-03-02 CERT Advisory: CVE-ID(s): CVE-2011-3026 NVD-ID(s): CVE-2011-3026 US-CERT Technical Alerts: Severity Metric: 24,75 Document Revision: 6 If you have feedback, comments, or additional information about this vulnerability, please send us email. ====================================================================== ========================================================= Les serveurs de référence du CERT-Renater http://www.cru.fr/securite http://www.renater.fr ========================================================= + CERT-RENATER | tel : 01-53-94-20-44 + + 23 - 25 Rue Daviel | fax : 01-53-94-20-41 + + 75013 Paris | email: certsvp@renater.fr + =========================================================