6.5

CVE-2010-2249

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibpngLibpng Version < 1.2.44
LibpngLibpng Version >= 1.4.0 < 1.4.3
AppleiTunes Version < 10.2
AppleSafari Version < 5.0.4
AppleiPhone OS Version >= 2.0 <= 4.1
AppletvOS Version < 4.1.0
FedoraprojectFedora Version12
FedoraprojectFedora Version13
OpensuseOpensuse Version11.1
OpensuseOpensuse Version11.2
SuseLinux Enterprise Server Version10 Updatesp3
SuseLinux Enterprise Server Version11 Update-
SuseLinux Enterprise Server Version11 Updatesp1
VMwarePlayer Version >= 2.5 < 2.5.5
VMwarePlayer Version >= 3.1 < 3.1.2
VMwareWorkstation Version >= 6.5.0 < 6.5.5
VMwareWorkstation Version >= 7.1 < 7.1.2
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version8.04
CanonicalUbuntu Linux Version9.04
CanonicalUbuntu Linux Version9.10
CanonicalUbuntu Linux Version10.04 SwEdition-
DebianDebian Linux Version5.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.63% 0.835
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Third Party Advisory
Mailing List
http://support.apple.com/kb/HT4435
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2010:133
Broken Link
http://www.vupen.com/english/advisories/2010/1837
Broken Link
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/42314
Broken Link
http://support.apple.com/kb/HT4456
Third Party Advisory
http://www.vupen.com/english/advisories/2010/3046
Broken Link
http://www.libpng.org/pub/png/libpng.html
Vendor Advisory
Product
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/41574
Broken Link
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
Third Party Advisory
http://www.vupen.com/english/advisories/2010/2491
Broken Link
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
Third Party Advisory
Mailing List
http://www.securitytracker.com/id?1024723
Third Party Advisory
VDB Entry
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
Third Party Advisory
Mailing List
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html
Third Party Advisory
Mailing List
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html
Third Party Advisory
Mailing List
http://secunia.com/advisories/40302
Broken Link
http://secunia.com/advisories/40336
Broken Link
http://secunia.com/advisories/40472
Broken Link
http://secunia.com/advisories/40547
Broken Link
http://secunia.com/advisories/42317
Broken Link
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061
Patch
Third Party Advisory
Mailing List
http://support.apple.com/kb/HT4457
Third Party Advisory
http://support.apple.com/kb/HT4554
Third Party Advisory
http://support.apple.com/kb/HT4566
Broken Link
http://www.debian.org/security/2010/dsa-2072
Third Party Advisory
http://www.securityfocus.com/bid/41174
Patch
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-960-1
Third Party Advisory
http://www.vupen.com/english/advisories/2010/1612
Broken Link
http://www.vupen.com/english/advisories/2010/1637
Broken Link
http://www.vupen.com/english/advisories/2010/1755
Broken Link
http://www.vupen.com/english/advisories/2010/1846
Broken Link
http://www.vupen.com/english/advisories/2010/1877
Broken Link
http://www.vupen.com/english/advisories/2010/3045
Broken Link
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20
https://bugzilla.redhat.com/show_bug.cgi?id=608644
Patch
Third Party Advisory
Issue Tracking
https://exchange.xforce.ibmcloud.com/vulnerabilities/59816
Third Party Advisory
VDB Entry