Published: 03/03/2010 Updated: 07/08/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x prior to 1.0.53, 1.2.x prior to 1.2.43, and 1.4.x prior to 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote malicious users to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
libpng libpng
apple mac os x
fedoraproject fedora 11
fedoraproject fedora 12
fedoraproject fedora 13
opensuse opensuse 11.0
opensuse opensuse 11.1
opensuse opensuse 11.2
suse linux enterprise server 9
suse linux enterprise server 10
suse linux enterprise server 11
canonical ubuntu linux 6.06
canonical ubuntu linux 8.04
canonical ubuntu linux 8.10
canonical ubuntu linux 9.04
canonical ubuntu linux 9.10
debian debian linux 5.0
debian debian linux 6.0

It was discovered that libpng did not properly initialize memory when decoding certain 1-bit interlaced images If a user or automated system were tricked into processing crafted PNG images, an attacker could possibly use this flaw to read sensitive information stored in memory This issue only affected Ubuntu 606 LTS, 804 LTS, 810 and 904 (CV ...

Debian Bug report logs - #533676 libpng: CVE-2009-2042 "out-of-bounds pixels" vulnerability Package: libpng; Maintainer for libpng is Anibal Monsalve Salazar <anibal@debianorg>; Reported by: Michael S Gilbert <michaelsgilbert@gmailcom> Date: Fri, 19 Jun 2009 18:09:04 UTC Severity: serious Tags: security Found in ...

Debian Bug report logs - #572308 CVE-2010-0205 VU#576029 libpng stalls on highly compressed ancillary chunks Package: libpng; Maintainer for libpng is Anibal Monsalve Salazar <anibal@debianorg>; Reported by: Aníbal Monsalve Salazar <anibal@debianorg> Date: Wed, 3 Mar 2010 05:36:01 UTC Severity: serious Tags: secu ...

Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2042 libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bit ...

CVE-2010-0205

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect