CVE-2011-2690: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

July 17, 2011 (updated August 6, 2020)

Buffer overflow in libpng , when used by an application that calls the png_rgb_to_gray function but not the png_set_expand function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have unspecified other impact, via a crafted PNG image.

References

nvd.nist.gov/vuln/detail/CVE-2011-2690

Code Behaviors & Features

Detect and mitigate CVE-2011-2690 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →