9.8
CVE-2010-1205
- EPSS 17.03%
- Published 30.06.2010 18:30:01
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
Data is provided by the National Vulnerability Database (NVD)
Apple ≫ macOS X Server Version >= 10.6.0 < 10.6.4
Fedoraproject ≫ Fedora Version12
Fedoraproject ≫ Fedora Version13
Suse ≫ Linux Enterprise Server Version9
Suse ≫ Linux Enterprise Server Version10 Updatesp3
Suse ≫ Linux Enterprise Server Version11 Update-
Suse ≫ Linux Enterprise Server Version11 Updatesp1
VMware ≫ Workstation Version >= 6.5.0 < 6.5.5
VMware ≫ Workstation Version >= 7.1 < 7.1.2
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version8.04
Canonical ≫ Ubuntu Linux Version9.04
Canonical ≫ Ubuntu Linux Version9.10
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Debian ≫ Debian Linux Version5.0
Mozilla ≫ Thunderbird Version < 3.0.6
Mozilla ≫ Thunderbird Version >= 3.0.7 < 3.1.1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 17.03% | 0.947 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-120 Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.