Integer overflow in Google Chrome
CVE-2011-3045
Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or p…
Vulnerability class: Integer Overflow
EPSS: 0.046 (89.4th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.
Affected products
- Google Chrome
- Libpng
- Debian Debian_linux — versions 6.0
- Fedoraproject Fedora — versions 15, 16, 17
- Opensuse — versions 12.1
- Redhat Enterprise_linux — versions 5.0, 6.0
- Redhat Enterprise_linux_desktop — versions 5.0, 6.0
- Redhat Enterprise_linux_server_aus — versions 6.2
- Redhat Enterprise_linux_server_eus — versions 6.2
- Redhat Enterprise_linux_workstation — versions 5.0, 6.0
Weakness classification (CWE)
References
- FEDORA-2012-3545 (x_refsource_FEDORA, vendor-advisory, Mailing List, Third Party Advisory)
- 49660 (x_refsource_SECUNIA, Not Applicable, third-party-advisory)
- RHSA-2012:0407 (x_refsource_REDHAT, vendor-advisory, Third Party Advisory)
- MDVSA-2012:033 (vendor-advisory, x_refsource_MANDRIVA, Not Applicable)
- FEDORA-2012-3507 (x_refsource_FEDORA, vendor-advisory, Mailing List, Third Party Advisory)
- DSA-2439 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
- FEDORA-2012-3605 (x_refsource_FEDORA, vendor-advisory, Mailing List, Third Party Advisory)
- 48320 (x_refsource_SECUNIA, Not Applicable, third-party-advisory)
- cve@mitre.org (x_refsource_CONFIRM, Patch, Vendor Advisory)
- FEDORA-2012-3739 (x_refsource_FEDORA, vendor-advisory, Mailing List, Third Party Advisory)
Frequently asked questions
- What is CVE-2011-3045?
- CVE-2011-3045 is a high-severity vulnerability in Google Chrome, classified under Integer Overflow or Wraparound. CVSS score: 8.8/10. Published 2012-03-22.
- How severe is CVE-2011-3045?
- High severity. CVSS v3 base score is 8.8 out of 10.