Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2010-2249

Published: 30/06/2010 Updated: 13/02/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Libpng

Vulnerability Summary

Memory leak in pngrutil.c in libpng prior to 1.2.44, and 1.4.x prior to 1.4.3, allows remote malicious users to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

libpng libpng

apple itunes

apple safari

apple iphone os

apple tvos

fedoraproject fedora 13

fedoraproject fedora 12

suse linux enterprise server 10

opensuse opensuse 11.1

suse linux enterprise server 11

suse linux enterprise server 9

opensuse opensuse 11.2

vmware player

vmware workstation

canonical ubuntu linux 9.04

canonical ubuntu linux 9.10

canonical ubuntu linux 10.04

canonical ubuntu linux 8.04

canonical ubuntu linux 6.06

debian debian linux 5.0

Vendor Advisories

Debian CVElist Bug Report Logs: libpng: CVE-2010-1205 and CVE-2010-2249
Debian Bug report logs - #587670 libpng: CVE-2010-1205 and CVE-2010-2249 Package: src:libpng; Maintainer for src:libpng is Anibal Monsalve Salazar <anibal@debianorg>; Reported by: Raphael Geissert <geissert@debianorg> Date: Wed, 30 Jun 2010 19:12:01 UTC Severity: grave Tags: security Fixed in versions 1244-1, li ...
Ubuntu Security Notice: libpng vulnerabilities
It was discovered that libpng did not properly handle certain malformed PNG images If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program (CVE-2010-1205) ...
Debian Security Advisories: DSA-2072-1 libpng -- several vulnerabilities
Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1205 It was discovered a buffer overflow in libpng which allows remote attackers to execute arbitrary code via a PNG image that triggers an add ...

References

CWE-401https://bugzilla.redhat.com/show_bug.cgi?id=608644http://secunia.com/advisories/40302http://www.vupen.com/english/advisories/2010/1612http://www.libpng.org/pub/png/libpng.htmlhttp://www.securityfocus.com/bid/41174http://www.ubuntu.com/usn/USN-960-1http://www.vupen.com/english/advisories/2010/1755http://secunia.com/advisories/40472http://www.vupen.com/english/advisories/2010/1877http://www.debian.org/security/2010/dsa-2072http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.htmlhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:133http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.htmlhttp://www.vupen.com/english/advisories/2010/1837http://www.vupen.com/english/advisories/2010/1846http://secunia.com/advisories/40547http://secunia.com/advisories/41574http://www.vupen.com/english/advisories/2010/2491http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.htmlhttp://www.vmware.com/security/advisories/VMSA-2010-0014.htmlhttp://lists.vmware.com/pipermail/security-announce/2010/000105.htmlhttp://lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlhttp://support.apple.com/kb/HT4435http://support.apple.com/kb/HT4456http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlhttp://www.vupen.com/english/advisories/2010/3046http://support.apple.com/kb/HT4457http://www.vupen.com/english/advisories/2010/3045http://secunia.com/advisories/42314http://www.securitytracker.com/id?1024723http://secunia.com/advisories/42317http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.htmlhttp://support.apple.com/kb/HT4554http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.htmlhttp://support.apple.com/kb/HT4566http://secunia.com/advisories/40336http://www.vupen.com/english/advisories/2010/1637http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061https://exchange.xforce.ibmcloud.com/vulnerabilities/59816http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=587670https://usn.ubuntu.com/960-1/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3400CVE-2023-7252CVE-2024-21111denial of serviceCVE-2024-29661CVE-2024-22856remote attackersencryptionCVE-2023-38299
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook