6.5
CVE-2010-2249
- EPSS 2.63%
- Veröffentlicht 30.06.2010 18:30:01
- Zuletzt bearbeitet 16.06.2026 23:20:23
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Fedoraproject ≫ Fedora Version12
Fedoraproject ≫ Fedora Version13
Suse ≫ Linux Enterprise Server Version9
Suse ≫ Linux Enterprise Server Version10 Updatesp3
Suse ≫ Linux Enterprise Server Version11 Update-
Suse ≫ Linux Enterprise Server Version11 Updatesp1
VMware ≫ Workstation Version >= 6.5.0 < 6.5.5
VMware ≫ Workstation Version >= 7.1 < 7.1.2
Canonical ≫ Ubuntu Linux Version6.06
Canonical ≫ Ubuntu Linux Version8.04
Canonical ≫ Ubuntu Linux Version9.04
Canonical ≫ Ubuntu Linux Version9.10
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Debian ≫ Debian Linux Version5.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.63% | 0.835 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 4.3 | 8.6 | 2.9 |
AV:N/AC:M/Au:N/C:N/I:N/A:P
|
CWE-401 Missing Release of Memory after Effective Lifetime
The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://support.apple.com/kb/HT4435
http://www.mandriva.com/security/advisories?name=MDVSA-2010:133
http://www.vupen.com/english/advisories/2010/1837
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
http://secunia.com/advisories/42314
http://support.apple.com/kb/HT4456
http://www.vupen.com/english/advisories/2010/3046
http://www.libpng.org/pub/png/libpng.html
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
http://secunia.com/advisories/41574
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
http://www.vupen.com/english/advisories/2010/2491
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://www.securitytracker.com/id?1024723
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html
http://secunia.com/advisories/40302
http://secunia.com/advisories/40336
http://secunia.com/advisories/40472
http://secunia.com/advisories/40547
http://secunia.com/advisories/42317
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061
http://support.apple.com/kb/HT4457
http://support.apple.com/kb/HT4554
http://support.apple.com/kb/HT4566
http://www.debian.org/security/2010/dsa-2072
http://www.securityfocus.com/bid/41174
http://www.ubuntu.com/usn/USN-960-1
http://www.vupen.com/english/advisories/2010/1612
http://www.vupen.com/english/advisories/2010/1637
http://www.vupen.com/english/advisories/2010/1755
http://www.vupen.com/english/advisories/2010/1846
http://www.vupen.com/english/advisories/2010/1877
http://www.vupen.com/english/advisories/2010/3045
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20
https://bugzilla.redhat.com/show_bug.cgi?id=608644
https://exchange.xforce.ibmcloud.com/vulnerabilities/59816