CVE-2011-3045

Name: CVE-2011-3045
Creator: NVD / NIST
Published: 2012-03-22T16:55:01.16+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.8/10EPSS 3.57%

Last modified Jun 16, 2026

CVE-2011-3045 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.. EPSS estimates a 3.57% chance of exploitation in the next 30 days.

Description

Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different vulnerability than CVE-2011-3026.

Metrics

CVSS 3.1

8.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS Probability

3.57%

87.9th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Google	Chrome	< 17.0.963.83
Redhat	Gluster Storage	2.0
Redhat	Storage	2.0
Redhat	Storage For Public Cloud	2.0
Debian	Debian Linux	6.0
Fedoraproject	Fedora	15
Fedoraproject	Fedora	16
Fedoraproject	Fedora	17
Opensuse	Opensuse	12.1
Redhat	Enterprise Linux	5.0
Redhat	Enterprise Linux	6.0
Redhat	Enterprise Linux Desktop	5.0
Redhat	Enterprise Linux Desktop	6.0
Redhat	Enterprise Linux Server Aus	6.2
Redhat	Enterprise Linux Server Eus	6.2
Redhat	Enterprise Linux Workstation	5.0
Redhat	Enterprise Linux Workstation	6.0
Libpng	Libpng	< 1.5.10

References

http://code.google.com/p/chromium/issues/detail?id=116162Vendor Advisory
http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.htmlRelease Notes, Vendor Advisory
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.htmlMailing List, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.htmlMailing List, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.htmlMailing List, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.htmlMailing List, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.htmlMailing List, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.htmlMailing List, Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0407.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0488.htmlThird Party Advisory
http://secunia.com/advisories/48320Not Applicable
http://secunia.com/advisories/48485Not Applicable
http://secunia.com/advisories/48512Not Applicable
http://secunia.com/advisories/48554Not Applicable
http://secunia.com/advisories/49660Not Applicable
http://security.gentoo.org/glsa/glsa-201206-15.xmlThird Party Advisory
http://src.chromium.org/viewvc/chrome?view=rev&revision=125311Patch, Vendor Advisory
http://www.debian.org/security/2012/dsa-2439Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:033Not Applicable
http://www.securitytracker.com/id?1026823Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=799000Issue Tracking, Patch, Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763Third Party Advisory
http://code.google.com/p/chromium/issues/detail?id=116162Vendor Advisory
http://googlechromereleases.blogspot.com/2012/03/stable-channel-update_21.htmlRelease Notes, Vendor Advisory
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commit%3Bh=a8c319a2b281af68f7ca0e2f9a28ca57b44ceb2b
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075424.htmlMailing List, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075619.htmlMailing List, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075981.htmlMailing List, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/075987.htmlMailing List, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076461.htmlMailing List, Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076731.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-04/msg00000.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-03/msg00051.htmlMailing List, Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0407.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0488.htmlThird Party Advisory
http://secunia.com/advisories/48320Not Applicable
http://secunia.com/advisories/48485Not Applicable
http://secunia.com/advisories/48512Not Applicable
http://secunia.com/advisories/48554Not Applicable
http://secunia.com/advisories/49660Not Applicable
http://security.gentoo.org/glsa/glsa-201206-15.xmlThird Party Advisory
http://src.chromium.org/viewvc/chrome?view=rev&revision=125311Patch, Vendor Advisory
http://www.debian.org/security/2012/dsa-2439Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2012:033Not Applicable
http://www.securitytracker.com/id?1026823Third Party Advisory, VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=799000Issue Tracking, Patch, Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14763Third Party Advisory

Timeline

Published: Mar 22, 2012
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2011-3045?

How severe is CVE-2011-3045?

CVE-2011-3045 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 3.57% probability of exploitation in the next 30 days.

How do I fix CVE-2011-3045?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2011-3045?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST