Integer overflow in Google Chrome

#VU44186 Integer overflow in Google Chrome

Published: 2012-03-22 | Updated: 2020-08-11

Vulnerability identifier: #VU44186

Vulnerability risk: Medium

CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]

CVE-ID: CVE-2011-3045

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Google Chrome
Client/Desktop applications / Web browsers

Vendor: Google

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Google Chrome: 17.0.963.0 - 17.0.963.82

External links
http://code.google.com/p/chromium/issues/detail?id=116162
http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.html
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commit;h=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.html
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.html
http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.html
http://rhn.redhat.com/errata/RHSA-2012-0407.html
http://rhn.redhat.com/errata/RHSA-2012-0488.html
http://secunia.com/advisories/48320
http://secunia.com/advisories/48485
http://secunia.com/advisories/48512
http://secunia.com/advisories/48554
http://secunia.com/advisories/49660
http://security.gentoo.org/glsa/glsa-201206-15.xml
http://src.chromium.org/viewvc/chrome?view=rev&revision=125311
http://www.debian.org/security/2012/dsa-2439
http://www.mandriva.com/security/advisories?name=MDVSA-2012:033
http://www.securitytracker.com/id?1026823
http://bugzilla.redhat.com/show_bug.cgi?id=799000
http://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

openEuler update for syslinux

Slackware Linux update for libpng

Gentoo update for libpng

Amazon Linux AMI update for libpng

Multiple vulnerabilities in Techland Chrome

Fedora EPEL 6 update for libpng10