CVE-2011-3048: Improper Restriction of Operations within the Bounds of a Memory Buffer

May 29, 2012 (updated December 29, 2017)

The png_set_text_2 function in pngset.c in libpng allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure that is not properly handled, leading to a heap-based buffer overflow.

References

nvd.nist.gov/vuln/detail/CVE-2011-3048

Detect and mitigate CVE-2011-3048 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →