CVE-2011-2692

NameCVE-2011-2692
DescriptionThe png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a crafted PNG image that triggers the reading of uninitialized memory.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-2287-1
Debian Bugs633871

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
libpng (PTS)jessie, jessie (lts)1.2.50-2+deb8u3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
libpngsourcelenny1.2.27-2+lenny5DSA-2287-1
libpngsourcesqueeze1.2.44-1+squeeze1DSA-2287-1
libpngsource(unstable)1.2.46-1low633871
Search for package or bug name: Reporting problems