漏洞信息详情
libpng ‘png_inflate()’ 缓冲区错误漏洞
- CNNVD编号:CNNVD-201203-257
- 危害等级: 中危
- CVE编号: CVE-2011-3045
- 漏洞类型: 输入验证错误
- 发布时间: 2012-03-15
- 威胁类型: 远程
- 更新时间: 2020-04-15
- 厂 商: Google
- 漏洞来源: Jan Lieskovsky
漏洞简介
libpng是一个可对PNG图形文件实现创建、读写等操作的PNG参考库。
libpng中存在基于堆的缓冲区溢出漏洞。攻击者可利用该漏洞导致使用受影响库的应用程序崩溃,还可能在受影响应用程序上下文中运行任意代码。
漏洞公告
目前厂商已经发布了升级补丁以修复此安全问题,补丁获取链接:
http://www.Google.com.hk/
参考网址
来源:GENTOO
链接:http://security.gentoo.org/glsa/glsa-201206-15.xml
来源:CONFIRM
链接:http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.HTML
来源:SUSE
链接:http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.HTML
来源:DEBIAN
链接:https://www.debian.org/security/2012/dsa-2439
来源:CONFIRM
链接:http://src.chromium.org/viewvc/CMS.zone.ci/e/tags/htag.php?tag=Chrome target=_blank class=infotextkey>Chrome?view=rev&revision=125311
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.HTML
来源:REDHAT
链接:http://rhn.redhat.com/errata/RHSA-2012-0488.HTML
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/49660
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.HTML
来源:SECUNIA
链接:http://secunia.com/advisories/48554
来源:SECUNIA
链接:http://secunia.com/advisories/48512
来源:MANDRIVA
链接:http://www.mandriva.com/security/advisories?name=MDVSA-2012:033
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.HTML
来源:CONFIRM
链接:https://bugzilla.redhat.com/show_bug.cgi?id=799000
来源:FEDORA
链接:http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.HTML
来源:CONFIRM
链接:http://code.Google.com/p/chromium/issues/detail?id=116162
来源:SUSE
链接:http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.HTML
来源:CONFIRM
链接:http://GoogleCMS.zone.ci/e/tags/htag.php?tag=Chrome target=_blank class=infotextkey>Chromereleases.blogspot.com/2012/03/stable-channel-update_21.HTML
来源:REDHAT
链接:http://rhn.redhat.com/errata/RHSA-2012-0407.HTML
来源:SECTRACK
链接:http://www.securitytracker.com/id?1026823
来源:OVAL
链接:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763
来源:SECUNIA
链接:http://secunia.com/advisories/48320
来源:SECUNIA
链接:http://secunia.com/advisories/48485
受影响实体
- Google CMS.zone.ci/e/tags/htag.php?tag=Chrome target=_blank class=infotextkey>Chrome:11.0.678.0
- Google CMS.zone.ci/e/tags/htag.php?tag=Chrome target=_blank class=infotextkey>Chrome:11.0.679.0
- Google CMS.zone.ci/e/tags/htag.php?tag=Chrome target=_blank class=infotextkey>Chrome:11.0.677.0
- Google CMS.zone.ci/e/tags/htag.php?tag=Chrome target=_blank class=infotextkey>Chrome:11.0.676.0
- Google CMS.zone.ci/e/tags/htag.php?tag=Chrome target=_blank class=infotextkey>Chrome:11.0.675.0
补丁
- libpng ‘png_inflate()’ 缓冲区错误漏洞的修复措施
评论