VYPR
Medium severity6.5NVD Advisory· Published Jul 17, 2011· Updated Jun 16, 2026

CVE-2011-2691

CVE-2011-2691

Description

The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG image.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

6
  • Libpng/Libpng2 versions
    cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*range: >=1.0.0,<1.0.55
    • (no CPE)range: <1.0.55, <1.2.45, <1.4.8, <1.5.4
  • Debian/linux2 versions
    cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:14:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

17

News mentions

0

No linked articles in our index yet.