VDB
CVE-2011-3464
CVE-2011-3464
PUBLISHED
CVSS 7.5 HIGH
Off-by-one error in the png_formatted_warning function in pngerror.c in libpng 1.5.4 through 1.5.7 might allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors, which trigger a stack-based buffer overflow.
EPSS 1.88% · 83.5th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
1.88%
83.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| libpng | libpng | 1.5.7, 1.5.0, 1.5.1 |
| n/a | n/a | n/a |
Timeline
- Jul 22, 2012 CVE Published
- Jul 23, 2012 CVE Updated
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- http://secunia.com/advisories/49660 url
- 47827 third-party-advisory
- GLSA-201206-15 vendor-advisory
- http://www.libpng.org/pub/png/libpng.html url
- https://nvd.nist.gov/vuln/detail/CVE-2011-3464 advisory