CVE-2010-2249

Severity

50%

Complexity

99%

Confidentiality

48%

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

libpng

First reported 14 years ago

2010-06-30 18:30:00

Last updated 7 years ago

2017-08-17 01:32:00

Affected Software

libpng 0.89c

0.89c

libpng 0.95

0.95

libpng 1.0.0

1.0.0

libpng 1.0.1

1.0.1

libpng 1.0.2

1.0.2

libpng 1.0.3

1.0.3

libpng 1.0.5

1.0.5

libpng 1.0.6

1.0.6

libpng 1.0.7

1.0.7

libpng 1.0.8

1.0.8

libpng 1.0.9

1.0.9

libpng 1.0.10

1.0.10

libpng 1.0.11

1.0.11

libpng 1.0.12

1.0.12

libpng 1.0.13

1.0.13

libpng 1.0.14

1.0.14

libpng 1.0.15

1.0.15

libpng 1.0.16

1.0.16

libpng 1.0.17

1.0.17

libpng 1.0.18

1.0.18

libpng 1.0.19

1.0.19

libpng 1.0.20

1.0.20

libpng 1.0.21

1.0.21

libpng 1.0.22

1.0.22

libpng 1.0.23

1.0.23

libpng 1.0.24

1.0.24

libpng 1.0.25

1.0.25

libpng 1.0.26

1.0.26

libpng 1.0.27

1.0.27

libpng 1.0.28

1.0.28

libpng 1.0.29

1.0.29

libpng 1.0.30

1.0.30

libpng 1.0.31

1.0.31

libpng 1.0.32

1.0.32

libpng 1.0.33

1.0.33

libpng 1.0.34

1.0.34

libpng 1.0.35

1.0.35

libpng 1.0.37

1.0.37

libpng 1.0.38

1.0.38

libpng 1.0.39

1.0.39

libpng 1.0.40

1.0.40

libpng 1.0.41

1.0.41

libpng 1.0.42

1.0.42

libpng 1.0.43

1.0.43

libpng 1.0.44

1.0.44

libpng 1.0.45

1.0.45

libpng 1.0.46

1.0.46

libpng 1.0.47

1.0.47

libpng 1.0.48

1.0.48

libpng 1.0.50

1.0.50

libpng 1.0.51

1.0.51

libpng 1.0.52

1.0.52

libpng 1.0.53

1.0.53

libpng 1.2.0

1.2.0

libpng 1.2.1

1.2.1

libpng 1.2.2

1.2.2

libpng 1.2.3

1.2.3

libpng 1.2.4

1.2.4

libpng 1.2.5

1.2.5

libpng 1.2.6

1.2.6

libpng 1.2.7

1.2.7

libpng 1.2.8

1.2.8

libpng 1.2.9

1.2.9

libpng 1.2.10

1.2.10

libpng 1.2.11

1.2.11

libpng 1.2.13

1.2.13

libpng 1.2.14

1.2.14

libpng 1.2.15

1.2.15

libpng 1.2.16

1.2.16

libpng 1.2.17

1.2.17

libpng 1.2.18

1.2.18

libpng 1.2.19

1.2.19

libpng 1.2.20

1.2.20

libpng 1.2.21

1.2.21

libpng 1.2.22

1.2.22

libpng 1.2.23

1.2.23

libpng 1.2.24

1.2.24

libpng 1.2.25

1.2.25

libpng 1.2.26

1.2.26

libpng 1.2.27

1.2.27

libpng 1.2.28

1.2.28

libpng 1.2.29

1.2.29

libpng 1.2.30

1.2.30

libpng 1.2.31

1.2.31

libpng 1.2.32

1.2.32

libpng 1.2.33

1.2.33

libpng 1.2.34

1.2.34

libpng 1.2.35

1.2.35

libpng 1.2.36

1.2.36

libpng 1.2.37

1.2.37

libpng 1.2.38

1.2.38

libpng 1.2.39

1.2.39

libpng 1.2.40

1.2.40

libpng 1.2.41

1.2.41

libpng 1.2.42

1.2.42

libpng 1.4.1

1.4.1

libpng 1.4.1 Beta 01

1.4.1

libpng 1.4.1 Beta 02

1.4.1

libpng 1.4.1 Beta 03

1.4.1

libpng 1.4.1 Beta 04

1.4.1

libpng 1.4.1 Beta 05

1.4.1

libpng 1.4.1 Beta 06

1.4.1

libpng 1.4.1 Beta 07

1.4.1

libpng 1.4.1 Beta 08

1.4.1

libpng 1.4.1 Beta 09

1.4.1

libpng 1.4.1 Beta 10

1.4.1

libpng 1.4.1 Beta 11

1.4.1

libpng 1.4.1 Beta 12

1.4.1

libpng 1.4.1 Release Candidate 01

1.4.1

libpng 1.4.1 Release Candidate 02

1.4.1

libpng 1.4.1 Release Candidate 04

1.4.1

libpng 1.4.2

1.4.2

libpng 1.4.2 Release Candidate 01

1.4.2

libpng 1.4.2 Release Candidate 02

1.4.2

libpng 1.4.2 Release Candidate 03

1.4.2

libpng 1.4.2 Release Candidate 04

1.4.2

libpng 1.4.2 Release Candidate 05

1.4.2

libpng 1.4.2 Release Candidate 06

1.4.2

References

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20

APPLE-SA-2010-11-10-1

APPLE-SA-2010-11-22-1

APPLE-SA-2011-03-09-2

APPLE-SA-2011-03-02-1

FEDORA-2010-10823

FEDORA-2010-10833

SUSE-SR:2010:017

[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues

40302

Vendor Advisory

40336

40472

40547

41574

42314

42317

SSA:2010-180-01

http://support.apple.com/kb/HT4435

http://support.apple.com/kb/HT4456

http://support.apple.com/kb/HT4457

http://support.apple.com/kb/HT4554

http://support.apple.com/kb/HT4566

DSA-2072

http://www.libpng.org/pub/png/libpng.html

Patch

MDVSA-2010:133

41174

Patch

1024723

USN-960-1

http://www.vmware.com/security/advisories/VMSA-2010-0014.html

ADV-2010-1612

Vendor Advisory

ADV-2010-1637

ADV-2010-1755

ADV-2010-1837

ADV-2010-1846

ADV-2010-1877

ADV-2010-2491

ADV-2010-3045

ADV-2010-3046

https://bugzilla.redhat.com/show_bug.cgi?id=608644

Patch

libpng-scal-dos(59816)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.