6.5

CVE-2010-2249

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

Data is provided by the National Vulnerability Database (NVD)
Libpng Libpng Version < 1.2.44
Libpng Libpng Version >= 1.4.0 < 1.4.3
Apple iTunes Version < 10.2
Apple Safari Version < 5.0.4
Apple iPhone OS Version >= 2.0 <= 4.1
Apple tvOS Version < 4.1.0
Fedoraproject Fedora Version 12
Fedoraproject Fedora Version 13
Opensuse Opensuse Version 11.1
Opensuse Opensuse Version 11.2
Suse Linux Enterprise Server Version 10 Update sp3
Suse Linux Enterprise Server Version 11 Update -
Suse Linux Enterprise Server Version 11 Update sp1
VMware Player Version >= 2.5 < 2.5.5
VMware Player Version >= 3.1 < 3.1.2
VMware Workstation Version >= 6.5.0 < 6.5.5
VMware Workstation Version >= 7.1 < 7.1.2
Canonical Ubuntu Linux Version 6.06
Canonical Ubuntu Linux Version 8.04
Canonical Ubuntu Linux Version 9.04
Canonical Ubuntu Linux Version 9.10
Canonical Ubuntu Linux Version 10.04 SwEdition -
Debian Debian Linux Version 5.0
No CISA KEV or CERT.AT warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 1.57% 0.798
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 6.5 2.8 3.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
nvd@nist.gov 4.3 8.6 2.9 AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

http://www.securitytracker.com/id?1024723 (Third Party Advisory, VDB Entry)
http://www.securityfocus.com/bid/41174 (Patch, Third Party Advisory, VDB Entry)
https://bugzilla.redhat.com/show_bug.cgi?id=608644 (Patch, Third Party Advisory, Issue Tracking)