4.3

CVE-2010-0205

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibpngLibpng Version >= 1.0.0 < 1.0.53
LibpngLibpng Version >= 1.2.0 < 1.2.43
LibpngLibpng Version >= 1.4.0 < 1.4.1
ApplemacOS X Version < 10.6.5
FedoraprojectFedora Version11
FedoraprojectFedora Version12
FedoraprojectFedora Version13
OpensuseOpensuse Version11.0
OpensuseOpensuse Version11.1
OpensuseOpensuse Version11.2
SuseLinux Enterprise Server Version10 Updatesp3
SuseLinux Enterprise Server Version11 Update-
SuseLinux Enterprise Server Version11 Updatesp1
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
CanonicalUbuntu Linux Version9.10
DebianDebian Linux Version5.0
DebianDebian Linux Version6.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.21% 0.897
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource.

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
Mailing List
http://support.apple.com/kb/HT4435
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
Third Party Advisory
Mailing List
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
Third Party Advisory
Mailing List
http://www.vupen.com/english/advisories/2010/1107
Third Party Advisory
http://secunia.com/advisories/39251
Third Party Advisory
http://ubuntu.com/usn/usn-913-1
Third Party Advisory
http://www.debian.org/security/2010/dsa-2032
Third Party Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:063
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0637
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0682
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0847
Third Party Advisory
http://libpng.sourceforge.net/ADVISORY-1.4.1.html
Third Party Advisory
http://libpng.sourceforge.net/decompression_bombs.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html
Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html
Third Party Advisory
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
Third Party Advisory
http://osvdb.org/62670
Broken Link
http://secunia.com/advisories/38774
Third Party Advisory
http://secunia.com/advisories/41574
Third Party Advisory
http://www.kb.cert.org/vuls/id/576029
Third Party Advisory
US Government Resource
http://www.mandriva.com/security/advisories?name=MDVSA-2010:064
Third Party Advisory
http://www.securityfocus.com/bid/38478
Patch
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1023674
Third Party Advisory
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0517
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0605
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0626
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0667
Third Party Advisory
http://www.vupen.com/english/advisories/2010/0686
Third Party Advisory
http://www.vupen.com/english/advisories/2010/2491
Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/56661
Third Party Advisory
VDB Entry