Buffer overflow in libpng - CVE-2010-1205
Published: June 30, 2010 / Updated: July 29, 2020
Vulnerability identifier: #VU32860
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2010-1205
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: libpng
Affected software:
libpng
libpng
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
How to mitigate CVE-2010-1205
Install update from vendor's website.
Sources
- http://blackberry.com/btsc/KB27244
- http://code.google.com/p/chromium/issues/detail?id=45983
- http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html
- http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18
- http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
- http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
- http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html
- http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- http://lists.vmware.com/pipermail/security-announce/2010/000105.html
- http://secunia.com/advisories/40302
- http://secunia.com/advisories/40336
- http://secunia.com/advisories/40472
- http://secunia.com/advisories/40547
- http://secunia.com/advisories/41574
- http://secunia.com/advisories/42314
- http://secunia.com/advisories/42317
- http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061
- http://support.apple.com/kb/HT4312
- http://support.apple.com/kb/HT4435
- http://support.apple.com/kb/HT4456
- http://support.apple.com/kb/HT4457
- http://support.apple.com/kb/HT4554
- http://support.apple.com/kb/HT4566
- http://trac.webkit.org/changeset/61816
- http://www.debian.org/security/2010/dsa-2072
- http://www.libpng.org/pub/png/libpng.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:133
- http://www.mozilla.org/security/announce/2010/mfsa2010-41.html
- http://www.securityfocus.com/bid/41174
- http://www.ubuntu.com/usn/USN-960-1
- http://www.vmware.com/security/advisories/VMSA-2010-0014.html
- http://www.vupen.com/english/advisories/2010/1612
- http://www.vupen.com/english/advisories/2010/1637
- http://www.vupen.com/english/advisories/2010/1755
- http://www.vupen.com/english/advisories/2010/1837
- http://www.vupen.com/english/advisories/2010/1846
- http://www.vupen.com/english/advisories/2010/1877
- http://www.vupen.com/english/advisories/2010/2491
- http://www.vupen.com/english/advisories/2010/3045
- http://www.vupen.com/english/advisories/2010/3046
- https://bugs.webkit.org/show_bug.cgi?id=40798
- https://bugzilla.mozilla.org/show_bug.cgi?id=570451
- https://bugzilla.redhat.com/show_bug.cgi?id=608238
- https://exchange.xforce.ibmcloud.com/vulnerabilities/59815
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851