{"containers":{"cna":{"affected":[{"product":"n/a","vendor":"n/a","versions":[{"status":"affected","version":"n/a"}]}],"datePublic":"2012-04-08T00:00:00.000Z","descriptions":[{"lang":"en","value":"The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image."}],"problemTypes":[{"descriptions":[{"description":"n/a","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2015-11-24T19:57:01.000Z","orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat"},"references":[{"name":"[oss-security] 20120724 CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2012/07/24/3"},{"tags":["x_refsource_MISC"],"url":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=73e2ffd6a1471f2144d0ce7165d7323cb109f10f%3Bhb=refs/heads/libpng15"},{"name":"[oss-security] 20120724 Re: CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images","tags":["mailing-list","x_refsource_MLIST"],"url":"http://www.openwall.com/lists/oss-security/2012/07/24/5"},{"tags":["x_refsource_MISC"],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082"},{"tags":["x_refsource_MISC"],"url":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=2da5a7a8b690e257f94353b5b49d493cdc385322%3Bhb=refs/heads/libpng14"},{"name":"openSUSE-SU-2012:0934","tags":["vendor-advisory","x_refsource_SUSE"],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html"},{"tags":["x_refsource_MISC"],"url":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=284de253b1561b976291ba7405acd71ae71ff597%3Bhb=refs/heads/libpng10"},{"tags":["x_refsource_MISC"],"url":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bhb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8"},{"name":"USN-2815-1","tags":["vendor-advisory","x_refsource_UBUNTU"],"url":"http://www.ubuntu.com/usn/USN-2815-1"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"secalert@redhat.com","ID":"CVE-2012-3425","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"[oss-security] 20120724 CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2012/07/24/3"},{"name":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=73e2ffd6a1471f2144d0ce7165d7323cb109f10f;hb=refs/heads/libpng15","refsource":"MISC","url":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=73e2ffd6a1471f2144d0ce7165d7323cb109f10f;hb=refs/heads/libpng15"},{"name":"[oss-security] 20120724 Re: CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images","refsource":"MLIST","url":"http://www.openwall.com/lists/oss-security/2012/07/24/5"},{"name":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082","refsource":"MISC","url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082"},{"name":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=2da5a7a8b690e257f94353b5b49d493cdc385322;hb=refs/heads/libpng14","refsource":"MISC","url":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=2da5a7a8b690e257f94353b5b49d493cdc385322;hb=refs/heads/libpng14"},{"name":"openSUSE-SU-2012:0934","refsource":"SUSE","url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html"},{"name":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=284de253b1561b976291ba7405acd71ae71ff597;hb=refs/heads/libpng10","refsource":"MISC","url":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;h=284de253b1561b976291ba7405acd71ae71ff597;hb=refs/heads/libpng10"},{"name":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;hb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8","refsource":"MISC","url":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=blob;f=CHANGES;hb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8"},{"name":"USN-2815-1","refsource":"UBUNTU","url":"http://www.ubuntu.com/usn/USN-2815-1"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-06T20:05:12.386Z"},"title":"CVE Program Container","references":[{"name":"[oss-security] 20120724 CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2012/07/24/3"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=73e2ffd6a1471f2144d0ce7165d7323cb109f10f%3Bhb=refs/heads/libpng15"},{"name":"[oss-security] 20120724 Re: CVE Request: libpng: Out-of heap-based buffer read by inflating certain PNG images","tags":["mailing-list","x_refsource_MLIST","x_transferred"],"url":"http://www.openwall.com/lists/oss-security/2012/07/24/5"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=2da5a7a8b690e257f94353b5b49d493cdc385322%3Bhb=refs/heads/libpng14"},{"name":"openSUSE-SU-2012:0934","tags":["vendor-advisory","x_refsource_SUSE","x_transferred"],"url":"http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=284de253b1561b976291ba7405acd71ae71ff597%3Bhb=refs/heads/libpng10"},{"tags":["x_refsource_MISC","x_transferred"],"url":"http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bhb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8"},{"name":"USN-2815-1","tags":["vendor-advisory","x_refsource_UBUNTU","x_transferred"],"url":"http://www.ubuntu.com/usn/USN-2815-1"}]}]},"cveMetadata":{"assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","cveId":"CVE-2012-3425","datePublished":"2012-08-13T20:00:00.000Z","dateReserved":"2012-06-14T00:00:00.000Z","dateUpdated":"2024-08-06T20:05:12.386Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}