CVE-2011-0408: Improper Restriction of Operations within the Bounds of a Memory Buffer

January 18, 2011 (updated August 17, 2017)

pngrtran.c in libpng allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted palette-based PNG image that triggers a buffer overflow, related to the png_do_expand_palette function, the png_do_rgb_to_gray function, and an integer underflow. NOTE: some of these details are obtained from third party information.

References

nvd.nist.gov/vuln/detail/CVE-2011-0408

Detect and mitigate CVE-2011-0408 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →