This web page screenshot describes the details of a heap buffer overflow vulnerability found in the Chromium browser component wk_png_inflate. The key information is summarized below.

Vulnerability Details
- Title: Heap-buffer-overflow in wk_png_inflate
- Type: Vulnerability
- Priority: P1 (High Priority)
- Severity: S1 (Critical Severity)
- Status: Fixed
- CVE ID: 2011-3045

Affected Versions and Platforms
- Chrome Version: 17.0.963.56
- OS Version: Not specified in the screenshot

Impact and Reproduction
- The vulnerability can be exploited by visiting specific web pages that contain crafted PNG images. The steps involve:
  1. Visiting a URL ( )
  2. Navigating through pages until the issue triggers

Observation and Consequences
- Instead of rendering properly, the browser hangs, and some users encounter an "Oh, snap" error page, indicating a crash.
- Potential for a DoS attack by using large zTXt, iTXt, or other large chunk types in PNG files.

Resolution and Mitigation
- The bug was identified and fixed in earlier versions of the libpng library, which Chromium relies on for PNG processing. The patch prevents certain chunks from being processed, reducing the attack surface.

Reporting and Development
- The issue was reported and managed through the Chromium Issue Tracker, with updates documented and a public discussion thread for contributors. The thread highlights the collaborative nature of security vulnerability resolution in open-source projects.
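
The point above about large zTXt and iTXt chunks can be checked before a file ever reaches the decoder. The following Python code is an added example, not code from the Chromium issue or from libpng: it walks a PNG's chunk list, verifies each declared length and CRC against the bytes actually present, and flags oversized text chunks. The `MAX_TEXT_CHUNK` limit, the function names and the sample byte strings are assumptions constructed for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
TEXT_CHUNKS = {b"zTXt", b"iTXt"}  # text chunk types named in the summary
MAX_TEXT_CHUNK = 64 * 1024        # assumed policy limit, not a libpng value


def make_chunk(ctype, data):
    """Build a well-formed chunk: length, type, data, CRC over type+data."""
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def audit_png(blob, max_text=MAX_TEXT_CHUNK):
    """Walk the chunk list; return findings as (offset, type, reason)."""
    if not blob.startswith(PNG_SIGNATURE):
        return [(0, b"", "bad signature")]
    findings, pos = [], len(PNG_SIGNATURE)
    while pos < len(blob):
        if pos + 8 > len(blob):
            findings.append((pos, b"", "truncated chunk header"))
            break
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 8 + length + 4
        # The declared length is untrusted input: compare it with the
        # bytes actually present before slicing out the chunk data.
        if end > len(blob):
            findings.append((pos, ctype, "declared length exceeds file"))
            break
        data = blob[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", blob[end - 4:end])
        if crc != zlib.crc32(ctype + data):
            findings.append((pos, ctype, "CRC mismatch"))
        if ctype in TEXT_CHUNKS and length > max_text:
            findings.append((pos, ctype, "oversized text chunk"))
        if ctype == b"IEND":
            break
        pos = end
    return findings


# Constructed sample inputs (not taken from the original report).
IHDR = make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
IEND = make_chunk(b"IEND", b"")
BENIGN = PNG_SIGNATURE + IHDR + make_chunk(b"zTXt", b"k\x00\x00" + zlib.compress(b"hi")) + IEND
OVERSIZED = PNG_SIGNATURE + IHDR + make_chunk(b"zTXt", b"k\x00\x00" + b"A" * MAX_TEXT_CHUNK) + IEND
LYING_LENGTH = PNG_SIGNATURE + IHDR + struct.pack(">I", 0x00FFFFFF) + b"iTXt" + b"short"
```

A check like this belongs in front of the image decoder (upload filter, mail gateway, fuzzing triage); it complements, and does not replace, running a patched libpng.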