9.8
CVE-2010-1205
- EPSS 43.38%
- Veröffentlicht 30.06.2010 18:30:01
- Zuletzt bearbeitet 16.06.2026 23:17:50
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Apple ≫ macOS X Server Version >= 10.6.0 < 10.6.4
Fedoraproject ≫ Fedora Version12
Fedoraproject ≫ Fedora Version13
Suse ≫ Linux Enterprise Server Version9
Suse ≫ Linux Enterprise Server Version10 Updatesp3
Suse ≫ Linux Enterprise Server Version11 Update-
Suse ≫ Linux Enterprise Server Version11 Updatesp1
VMware ≫ Workstation Version >= 6.5.0 < 6.5.5
VMware ≫ Workstation Version >= 7.1 < 7.1.2
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version8.04
Canonical ≫ Ubuntu Linux Version9.04
Canonical ≫ Ubuntu Linux Version9.10
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Debian ≫ Debian Linux Version5.0
Mozilla ≫ Thunderbird Version < 3.0.6
Mozilla ≫ Thunderbird Version >= 3.0.7 < 3.1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 43.38% | 0.986 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://support.apple.com/kb/HT4435
http://www.mandriva.com/security/advisories?name=MDVSA-2010:133
http://www.vupen.com/english/advisories/2010/1837
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
http://secunia.com/advisories/42314
http://support.apple.com/kb/HT4456
http://www.vupen.com/english/advisories/2010/3046
http://www.libpng.org/pub/png/libpng.html
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
http://secunia.com/advisories/41574
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
http://www.vupen.com/english/advisories/2010/2491
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://support.apple.com/kb/HT4312
http://blackberry.com/btsc/KB27244
http://code.google.com/p/chromium/issues/detail?id=45983
http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html
http://secunia.com/advisories/40302
http://secunia.com/advisories/40336
http://secunia.com/advisories/40472
http://secunia.com/advisories/40547
http://secunia.com/advisories/42317
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061
http://support.apple.com/kb/HT4457
http://support.apple.com/kb/HT4554
http://support.apple.com/kb/HT4566
http://trac.webkit.org/changeset/61816
http://www.debian.org/security/2010/dsa-2072
http://www.mozilla.org/security/announce/2010/mfsa2010-41.html
http://www.securityfocus.com/bid/41174
http://www.ubuntu.com/usn/USN-960-1
http://www.vupen.com/english/advisories/2010/1612
http://www.vupen.com/english/advisories/2010/1637
http://www.vupen.com/english/advisories/2010/1755
http://www.vupen.com/english/advisories/2010/1846
http://www.vupen.com/english/advisories/2010/1877
http://www.vupen.com/english/advisories/2010/3045
https://bugs.webkit.org/show_bug.cgi?id=40798
https://bugzilla.mozilla.org/show_bug.cgi?id=570451
https://bugzilla.redhat.com/show_bug.cgi?id=608238
https://exchange.xforce.ibmcloud.com/vulnerabilities/59815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851