CVE编号
CVE-2011-2691利用情况
暂无补丁情况
官方补丁披露时间
2011-07-18漏洞描述
libpng是一款多种应用程序所使用的解析PNG图形格式的函数库。在libpng 1.2.45之前版本,错误函数接收一个空指针,错误以'\0'表示,而不是空字符串""。此错误在libpng-1.2.20版本中引入,在这种情况下png_default_error()会崩溃。解决建议
libpng 1.5.4,1.4.8,1.2.45和1.0.55已经修复此漏洞,建议用户下载使用:http://www.libpng.org/pub/png/libpng.html
参考链接 |
|
|---|---|
| http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=9... | |
| http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html | |
| http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063118.html | |
| http://marc.info/?l=bugtraq&m=133951357207000&w=2 | |
| http://secunia.com/advisories/45046 | |
| http://secunia.com/advisories/45405 | |
| http://secunia.com/advisories/45492 | |
| http://secunia.com/advisories/49660 | |
| http://security.gentoo.org/glsa/glsa-201206-15.xml | |
| http://support.apple.com/kb/HT5002 | |
| http://www.debian.org/security/2011/dsa-2287 | |
| http://www.libpng.org/pub/png/libpng.html | |
| http://www.mandriva.com/security/advisories?name=MDVSA-2011:151 | |
| http://www.openwall.com/lists/oss-security/2011/07/13/2 | |
| http://www.securityfocus.com/bid/48660 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=720608 | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/68537 |
受影响软件情况
| # | 类型 | 厂商 | 产品 | 版本 | 影响面 | ||||
| 1 | |||||||||
|---|---|---|---|---|---|---|---|---|---|
| 运行在以下环境 | |||||||||
| 应用 | libpng | libpng | * |
From (including) 1.0.0 |
Up to (excluding) 1.0.55 |
||||
| 运行在以下环境 | |||||||||
| 应用 | libpng | libpng | * |
From (including) 1.2.0 |
Up to (excluding) 1.2.45 |
||||
| 运行在以下环境 | |||||||||
| 应用 | libpng | libpng | * |
From (including) 1.4.0 |
Up to (excluding) 1.4.8 |
||||
| 运行在以下环境 | |||||||||
| 应用 | libpng | libpng | * |
From (including) 1.5.0 |
Up to (excluding) 1.5.4 |
||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_EPEL_6 | libpng | * |
Up to (excluding) 1.0.55-1.el6 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | fedora_EPEL_6 | libpng-devel | * |
Up to (excluding) 1.0.55-1.el6 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_5 | libpng | * |
Up to (excluding) 1.2.10-7.1.el5_7.5 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_5 | libpng-devel | * |
Up to (excluding) 1.2.10-7.1.el5_7.5 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_6 | libpng | * |
Up to (excluding) 1.2.46-1.el6_1 |
|||||
| 运行在以下环境 | |||||||||
| 系统 | oracle_6 | libpng-devel | * |
Up to (excluding) 1.2.46-1.el6_1 |
|||||
- 攻击路径 远程
- 攻击复杂度 复杂
- 权限要求 无需权限
- 影响范围 有限影响
- EXP成熟度 未验证
- 补丁情况 官方补丁
- 数据保密性 无影响
- 数据完整性 无影响
- 服务器危害 无影响
- 全网数量 100
还没有评论,来说两句吧...