AZL-41176

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-41176.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-41176

Upstream

CVE-2012-3425

Published

2012-08-13T20:55:09Z

Modified

2026-04-21T04:29:14.803220Z

Summary

CVE-2012-3425 affecting package syslinux for versions less than 6.04-11

Details

The pngpushreadzTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds read) via a large availin field value in a PNG image.

References

https://nvd.nist.gov/vuln/detail/CVE-2012-3425

Affected packages

Azure Linux:3 / syslinux

Package

Name: syslinux
Purl: pkg:rpm/azure-linux/syslinux

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.04-11

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-41176.json"