CVE-2010-0205

Name of the Vulnerable Software and Affected Versions libpng versions 1.0.x through 1.0.52 libpng versions 1.2.x through 1.2.42 libpng versions 1.4.x through 1.4.0

Description The issue is related to the handling of compressed ancillary-chunk data in PNG files, which can lead to a denial of service due to memory and CPU consumption, and application hang. This can be achieved through a crafted PNG file, exploiting a "decompression bomb" attack by using the deflate compression method on data composed of many occurrences of the same character. The vulnerability can be exploited remotely.

Recommendations For libpng versions 1.0.x through 1.0.52, update to version 1.0.53 or later. For libpng versions 1.2.x through 1.2.42, update to version 1.2.43 or later. For libpng versions 1.4.x through 1.4.0, update to version 1.4.1 or later.