ISS X-Force Database: google-chrome-pngdecompresschunk-bo(73240): libpng png_decompress

libpng png_decompress_chunk() buffer overflow

google-chrome-pngdecompresschunk-bo (73240)

High Risk

Description:

libpng, as used in Google Chrome and several other products, is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the png_decompress_chunk() function. By persuading a victim to open a specially-crafted PNG file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

Consequences:

Gain Access

Remedy:

Upgrade to the latest version of Google Chrome (17.0.963.56 or later), available from the Google Chrome Releases Web site. See References.

For other distributions:
Apply the appropriate update for your system. See References.

References:

Apple Article: HT5501: About the security content of OS X Mountain Lion v10.8.2, OS X Lion v10.7.5 and Security Update 2012-004.
Apple Article: HT5503: About the security content of iOS 6.
Google Chrome Releases Web site: Chrome Stable Update.
IBM Security Bulletin 1620982: IBM Informix Genero vulnerable to libpng chunk decompression integer overflow vulnerability (CVE-2011-3206).
IBM Security Bulletin 1626697: Multiple vulnerabilities in IBM Cognos BI 8.4.1,10.1, 10.1.1 and 10.2 (CVE-2011-3026, CVE-2011-4858, CVE-2012-0498, CVE-2012-2177, CVE-2012-2193, CVE-2012-4835, CVE-2012-4836, CVE-2012-4837, CVE-2012-4840, CVE-2012-4858, CVE-2012-5081).
IBM Security Bulletin 1627992: Security vulnerabilities addressed in IBM Notes 9.0 (CVE-2011-3026, CVE-2012-6349, CVE-2012-6277).
libpng Web Site: libpng Home Page.
Mozilla Security Blog, 02.17.12: Mozilla releases to address CVE-2011-3026.
Oracle Security Blog, Mar 13, 2013: Multiple vulnerabilities in libpng.
SRWare Web site: New Iron-Version: 18.0.1050.0 Stable for Windows.
The Pale Moon Project: Pale Moon: Release notes for version 9.
BID-52031: Google Chrome Prior to 17.0.963.56 Multiple Security Vulnerabilities
BID-52049: libpng 'png_decompress_chunk()' Remote Integer Overflow Vulnerability
CVE-2011-3026: Integer overflow in libpng, as used in Google Chrome before 17.0.963.56, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an integer truncation.
DSA-2410: libpng -- integer overflow
OSVDB ID: 79294: libpng pngrutil.c png_decompress_chunk() Function Chunk Decompression Remote Overflow
RHSA-2012-0140: Critical: thunderbird security update
RHSA-2012-0141: Critical: seamonkey security update
RHSA-2012-0142: Critical: firefox security update
RHSA-2012-0143: Critical: xulrunner security update
RHSA-2012-0317: Important: libpng security update
SA48016: Google Chrome Multiple Vulnerabilities
SA48026: libpng "png_decompress_chunk()" Integer Overflow Vulnerability
SA48089: Mozilla Firefox / Thunderbird / Seamonkey libpng Integer Overflow
SA48110: Pale Moon Two Vulnerabilities
SA48128: Pale Moon libpng Integer Overflow Vulnerability
SA48866: SRWare Iron Multiple Vulnerabilities
SA50586: Apple iOS Multiple Vulnerabilities
SA51905: IBM Informix Genero libpng Integer Overflow Vulnerability
SA52599: IBM Lotus Notes Multiple Vulnerabilities
SA52604: Oracle Solaris libpng Two Vulnerabilities

Platforms Affected:

Apple iOS 5 iPod touch
Apple iOS 5 iPhone 3GS
Apple iOS 5 iPad
Apple Mac OS X 10.6
Apple Mac OS X Server 10.6
Google Chrome 15.0.874.102
Google Chrome 15.0.874.103
Google Chrome 15.0.874.104
Google Chrome 15.0.874.106
Google Chrome 15.0.874.11
Google Chrome 15.0.874.116
Google Chrome 15.0.874.117
Google Chrome 15.0.874.119
Google Chrome 15.0.874.12
Google Chrome 15.0.874.120
Google Chrome 15.0.874.121
Google Chrome 15.0.874.13
Google Chrome 15.0.874.14
Google Chrome 15.0.874.15
Google Chrome 15.0.874.16
Google Chrome 15.0.874.17
Google Chrome 15.0.874.18
Google Chrome 15.0.874.19
Google Chrome 15.0.874.2
Google Chrome 15.0.874.20
Google Chrome 15.0.874.21
Google Chrome 15.0.874.22
Google Chrome 15.0.874.23
Google Chrome 15.0.874.24
Google Chrome 15.0.874.3
Google Chrome 15.0.874.4
Google Chrome 15.0.874.44
Google Chrome 15.0.874.45
Google Chrome 15.0.874.46
Google Chrome 15.0.874.47
Google Chrome 15.0.874.48
Google Chrome 15.0.874.49
Google Chrome 15.0.874.5
Google Chrome 15.0.874.6
Google Chrome 15.0.874.7
Google Chrome 15.0.874.8
Google Chrome 15.0.874.9
Google Chrome 15.0.875.0
Google Chrome 15.0.876.0
Google Chrome 16.0.877.0
Google Chrome 16.0.878.0
Google Chrome 17.0.963.46
IBM Cognos Business Intelligence 10.1
IBM Cognos Business Intelligence 10.1.1
IBM Cognos Business Intelligence 10.2
IBM Cognos Business Intelligence 8.4.1
IBM Informix Genero 2.0
IBM Informix Genero 2.1
IBM Informix Genero 2.2
IBM Informix Genero 2.3
IBM Informix Genero 2.4
IBM Lotus Notes 8.0
IBM Lotus Notes 8.5
IBM Lotus Notes 8.5.1
IBM Lotus Notes 8.5.2.0
IBM Lotus Notes 8.5.3
libpng libpng
Mozilla Firefox 10.0
Mozilla Thunderbird 10.0
Pale Moon Pale Moon 3.6.23
RedHat Enterprise Linux 4 WS
RedHat Enterprise Linux 4 ES
RedHat Enterprise Linux 4 Desktop
RedHat Enterprise Linux 4 AS
RedHat Enterprise Linux 5 Client
RedHat Enterprise Linux 5
RedHat Enterprise Linux 5 Client Workstation
RedHat Enterprise Linux 6 Server
RedHat Enterprise Linux 6 Workstation
RedHat Enterprise Linux Desktop 6
RedHat Enterprise Linux HPC Node 6
SRWare Iron 18.x
Sun Solaris 10

Reported:

Feb 15, 2012

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email ignore thisxforceignore this@ignore thisus.ignore thisibm.comignore this

Return to the main page