CVE-2012-3425

CVE-2012-3425

NONECVSS 0.0

0.0

The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large avail_in field value in a PNG image.

📅 Published

August 13, 2012

🔄 Last Modified

April 29, 2026

🔗 References (18)

secalert@redhathttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082
secalert@redhathttp://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=284de253b1561b976291ba7405acd71ae71ff597%3Bhb=refs/heads/libpng10
secalert@redhathttp://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=2da5a7a8b690e257f94353b5b49d493cdc385322%3Bhb=refs/heads/libpng14
secalert@redhathttp://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=73e2ffd6a1471f2144d0ce7165d7323cb109f10f%3Bhb=refs/heads/libpng15
secalert@redhathttp://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bhb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8
secalert@redhathttp://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html
secalert@redhathttp://www.openwall.com/lists/oss-security/2012/07/24/3
secalert@redhathttp://www.openwall.com/lists/oss-security/2012/07/24/5
secalert@redhathttp://www.ubuntu.com/usn/USN-2815-1
af854a3a-2127-422b-91ae-364da2661108http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=668082
af854a3a-2127-422b-91ae-364da2661108http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=284de253b1561b976291ba7405acd71ae71ff597%3Bhb=refs/heads/libpng10
af854a3a-2127-422b-91ae-364da2661108http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=2da5a7a8b690e257f94353b5b49d493cdc385322%3Bhb=refs/heads/libpng14
af854a3a-2127-422b-91ae-364da2661108http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bh=73e2ffd6a1471f2144d0ce7165d7323cb109f10f%3Bhb=refs/heads/libpng15
af854a3a-2127-422b-91ae-364da2661108http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=blob%3Bf=CHANGES%3Bhb=a4b640865ae47986bbe71ecc0e7d5181dcb0bac8
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2012-08/msg00004.html

💥

Dependency Blast Radius

See which npm, PyPI, Go, and Maven packages are affected by CVE-2012-3425

Explore →

Is Your Infrastructure Affected by CVE-2012-3425?

EchelonGraph automatically scans your cloud infrastructure and maps CVE exposure using blast radius analysis.