libpng contains an overflow condition in the png_decompress_chunk() function in pngrutil.c. The issue is triggered as user-supplied input is not properly sanitized when decompressing chunks, which will result in an integer overflow. This may allow a remote attacker to cause a denial of service or potentially execute arbitrary code.

Upgrade libpng to version 1.5.9rc01 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds. Google Chrome users can upgrade to version 17.0.963.56.

• Security Tracker: 1026697 1026705 1026706 1026707
• CVE ID: 2011-3026 (see also: NVD)
• Secunia Advisory ID: 47923 48016 48026 48068 48069 48070 48072 48075 48078 48081 48089 48098 48110 48119 48128 48160 48179 48205 48206 48866 49660 50586 50628 50728 51766 51905 52491 52599 52604 52615 52740
• Bugtraq ID: 52049
• Related OSVDB ID: 79283 79284 79285 79286 79287 79288 79289 79290 79291 79292 79293 79295
• Vendor Specific News/Changelog Entry: http://blog.mozilla.com/security/2012/02/17/mozilla-releases-to-address-cve-2011-3026/
  http://googlechromereleases.blogspot.com/2012/02/chrome-stable-update.html
  http://lists.debian.org/debian-security-announce/2012/msg00037.html
  http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00021.html
  http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00023.html
  http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00028.html
  http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00029.html
  http://lists.opensuse.org/opensuse-updates/2012-02/msg00059.html
  http://www-01.ibm.com/support/docview.wss?uid=swg21620982
  http://www-01.ibm.com/support/docview.wss?uid=swg21626697
  http://www-01.ibm.com/support/docview.wss?uid=swg24034373
  http://www.gentoo.org/security/en/glsa/glsa-201206-15.xml
  http://www.gentoo.org/security/en/glsa/glsa-201301-01.xml
  http://www.ibm.com/support/docview.wss?uid=ssg1S1004302
  http://www.ibm.com/support/docview.wss?uid=swg21627992
  http://www.palemoon.org/releasenotes-ng.shtml
  http://www.palemoon.org/releasenotes.shtml
  http://www.srware.net/forum/viewtopic.php?f=18&t=3521
  http://www.ubuntu.com/usn/usn-1367-1
  http://www.ubuntu.com/usn/usn-1367-2/
  http://www.ubuntu.com/usn/usn-1367-3/
  http://www.ubuntu.com/usn/usn-1367-4/
  http://www.ubuntu.com/usn/usn-1369-1/
• Vendor Specific Advisory URL: http://support.apple.com/kb/HT5501
  http://support.apple.com/kb/HT5503
  http://support.apple.com/kb/HT5504
  https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_libpng2
  https://code.google.com/p/chromium/issues/detail?id=112822 [ Auth Req'd ]
  https://www-304.ibm.com/connections/blogs/PSIRT/entry/security_bulletin_ibm_informix_genero_vulnerable_to_libpng_chunk_decompression_integer_overflow_vulnerability_cve_2011_320615
• Vendor URL: http://www.libpng.org/pub/png/libpng.html
• RedHat RHSA: RHSA-2012:0140 RHSA-2012:0141 RHSA-2012:0142 RHSA-2012:0143 RHSA-2012:0317

• Jueri Aedla