CVE - CVE-2010-1205

CVE-ID
CVE-2010-1205	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MLIST:[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues URL:http://lists.vmware.com/pipermail/security-announce/2010/000105.html CONFIRM:http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18 CONFIRM:http://www.libpng.org/pub/png/libpng.html CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=608238 CONFIRM:http://code.google.com/p/chromium/issues/detail?id=45983 CONFIRM:http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html CONFIRM:http://trac.webkit.org/changeset/61816 CONFIRM:https://bugs.webkit.org/show_bug.cgi?id=40798 CONFIRM:http://www.mozilla.org/security/announce/2010/mfsa2010-41.html CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=570451 CONFIRM:http://support.apple.com/kb/HT4312 CONFIRM:http://www.vmware.com/security/advisories/VMSA-2010-0014.html CONFIRM:http://support.apple.com/kb/HT4435 CONFIRM:http://support.apple.com/kb/HT4456 CONFIRM:http://support.apple.com/kb/HT4457 CONFIRM:http://support.apple.com/kb/HT4554 CONFIRM:http://support.apple.com/kb/HT4566 CONFIRM:http://blackberry.com/btsc/KB27244 APPLE:APPLE-SA-2010-08-24-1 URL:http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html APPLE:APPLE-SA-2010-11-10-1 URL:http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html APPLE:APPLE-SA-2010-11-22-1 URL:http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html APPLE:APPLE-SA-2011-03-02-1 URL:http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html APPLE:APPLE-SA-2011-03-09-2 URL:http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html DEBIAN:DSA-2072 URL:http://www.debian.org/security/2010/dsa-2072 FEDORA:FEDORA-2010-10823 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html FEDORA:FEDORA-2010-10833 URL:http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html MANDRIVA:MDVSA-2010:133 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2010:133 SLACKWARE:SSA:2010-180-01 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061 SUSE:SUSE-SR:2010:017 URL:http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html UBUNTU:USN-960-1 URL:http://www.ubuntu.com/usn/USN-960-1 BID:41174 URL:http://www.securityfocus.com/bid/41174 OVAL:oval:org.mitre.oval:def:11851 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851 SECUNIA:40302 URL:http://secunia.com/advisories/40302 SECUNIA:40472 URL:http://secunia.com/advisories/40472 SECUNIA:40547 URL:http://secunia.com/advisories/40547 SECUNIA:41574 URL:http://secunia.com/advisories/41574 SECUNIA:42317 URL:http://secunia.com/advisories/42317 SECUNIA:42314 URL:http://secunia.com/advisories/42314 SECUNIA:40336 URL:http://secunia.com/advisories/40336 VUPEN:ADV-2010-1612 URL:http://www.vupen.com/english/advisories/2010/1612 VUPEN:ADV-2010-1755 URL:http://www.vupen.com/english/advisories/2010/1755 VUPEN:ADV-2010-1837 URL:http://www.vupen.com/english/advisories/2010/1837 VUPEN:ADV-2010-1846 URL:http://www.vupen.com/english/advisories/2010/1846 VUPEN:ADV-2010-1877 URL:http://www.vupen.com/english/advisories/2010/1877 VUPEN:ADV-2010-2491 URL:http://www.vupen.com/english/advisories/2010/2491 VUPEN:ADV-2010-3045 URL:http://www.vupen.com/english/advisories/2010/3045 VUPEN:ADV-2010-3046 URL:http://www.vupen.com/english/advisories/2010/3046 VUPEN:ADV-2010-1637 URL:http://www.vupen.com/english/advisories/2010/1637 XF:libpng-rowdata-bo(59815) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/59815
Assigning CNA
N/A
Date Entry Created
20100330	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20100330)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org

Use of the Common Vulnerabilities and Exposures List and the associated references from this Web site are subject to the Terms of Use. For more information, please email cve@mitre.org.

CVE is sponsored by US-CERT in the office of Cybersecurity and Communications at the U.S. Department of Homeland Security. Copyright © 1999–2018, The MITRE Corporation. CVE and the CVE logo are registered trademarks and CVE-Compatible is a trademark of The MITRE Corporation.

Site Map
Privacy policy
Terms of use
Contact us