{"vuid":"VU#643140","idnumber":"643140","name":"Libpng 1.5.0 png_set_rgb_to_gray() vulnerability","keywords":["Libpng 1.5.0","png_set_rgb_to_gray() function","denial-of-service"],"overview":"Libpng-1.5.0 introduced a vulnerability in the rgb-to-gray transform function.","clean_desc":"Libpng based applications that call the png_set_rgb_to_gray() function from pngrtran.c are vulnerable. Libpng versions prior to 1.5.0 are not vulnerable.","impact":"An attacker may cause the application to crash or execute arbitrary code as the user.","resolution":"Apply an Update\nUpgrade to version 1.5.1.","workarounds":"","sysaffected":"","thanks":"Thanks to Glenn Randers-Pehrson for reporting this vulnerability.","author":"This document was written by Jared Allar.","public":["http://sourceforge.net/mailarchive/forum.php?thread_name=002b01cbb0e2%24ae636c80%240b2a4580%24%40acm.org&forum_name=png-mng-implement","http://libpng.sourceforge.net/","ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-1.5.0-diff.txt","ftp://ftp.simplesystems.org/pub/png-group/src/libpng-1.5.1beta01-README.txt"],"cveids":["CVE-2011-0408"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2011-01-10T18:11:00Z","publicdate":"2011-01-08T00:00:00Z","datefirstpublished":"2011-01-11T18:13:50Z","dateupdated":"2011-02-03T19:23:25Z","revision":19,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"8","cam_exploitation":"1","cam_internetinfrastructure":"3","cam_population":"0","cam_impact":"10","cam_easeofexploitation":"2","cam_attackeraccessrequired":"3","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.0,"vulnote":null}