CVE-2010-1205

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

Published: Jun 30, 2010
Updated: Apr 13, 2023
CVE: CVE-2010-1205
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-120

Affected Software
References

Software	From	Fixed in
libpng / libpng	1.4.0	1.4.3
libpng / libpng	-	1.2.44
google / chrome	-	5.0.375.99
apple / itunes	-	10.2
apple / safari	-	5.0.4
apple / iphone_os	2.0	4.1.x
apple / mac_os_x_server	10.6.0	10.6.4
apple / mac_os_x	10.6.0	10.6.4
fedoraproject / fedora	13	13.x
fedoraproject / fedora	12	12.x
suse / linux_enterprise_server	10-sp3	10-sp3.x
opensuse / opensuse	11.1	11.1.x
suse / linux_enterprise_server	11-sp1	11-sp1.x
suse / linux_enterprise_server	9	9.x
opensuse / opensuse	11.2	11.2.x
suse / linux_enterprise_server	11	11.x
vmware / player	2.5	2.5.5
vmware / workstation	6.5.0	6.5.5
vmware / player	3.1	3.1.2
vmware / workstation	7.1	7.1.2
canonical / ubuntu_linux	9.04	9.04.x
canonical / ubuntu_linux	9.10	9.10.x
canonical / ubuntu_linux	10.04	10.04.x
canonical / ubuntu_linux	8.04	8.04.x
canonical / ubuntu_linux	6.06	6.06.x
debian / debian_linux	5.0	5.0.x
mozilla / firefox	3.5.12	3.6.7
mozilla / thunderbird	3.0.7	3.1.1
mozilla / thunderbird	-	3.0.6
mozilla / seamonkey	-	2.0.6
mozilla / firefox	-	3.5.11

Vulnerability Database

289,599

CVE-2010-1205