VYPR
High severity · 8.8 · NVD Advisory · Published Jul 17, 2011 · Updated Jun 16, 2026

CVE-2011-2690

Description

Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.

Affected products

10
  • Libpng/Libpng (2 versions)
    • cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:* (range: >=1.0.0,<1.0.55)
    • (no CPE) (range: <1.0.55, <1.2.45, <1.4.8, <1.5.4)
  • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:* + 3 more
    • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
  • Debian/linux (2 versions)
    • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*

References

21
