PT-2010-1080 · Libpng+4

Kurt Seifried · Published 2010-06-30 · Updated 2025-09-29 · CVE-2010-1205

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libpng versions 1.0.6 through 1.2.43
libpng versions 1.4.0 through 1.4.2

Description

A buffer overflow in the pngpread.c file of libpng can be triggered by a specially crafted PNG image, potentially allowing remote attackers to execute arbitrary code. A malformed PNG file can lead to disruption of protected information and to arbitrary code execution. The issue can be exploited remotely.

Recommendations

For libpng versions 1.0.6 through 1.2.43, update to version 1.2.44 or later.
For libpng versions 1.4.0 through 1.4.2, update to version 1.4.3 or later.
As a temporary workaround, consider restricting the use of libpng until a patch is available. Avoid using libpng to process untrusted PNG images until the issue is resolved.

Exploit

Fix

RCE

Resource Exhaustion

Buffer Overflow

Weakness Enumeration

Related identifiers

ALSA-2025_16880
AZL-43975
AZL-45408
BDU:2015-09413
BDU:2015-10121
CVE-2010-1205
DSA-2072-1
DSA-2075-1
OPENSUSE-SU-2014_1100-1
OPENSUSE-SU-2024:10050-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10184-1
OPENSUSE-SU-2024:10218-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:10685-1
OPENSUSE-SU-2024:14572-1
RHSA-2010:0534
RHSA-2010:0545
RHSA-2010:0546
RHSA-2010:0547
RHSA-2010_0534
RHSA-2010_0545
RHSA-2010_0546
RHSA-2010_0547

Affected products

Red Hat
SUSE
VMware Workstation
iTunes
libpng