PT-2010-1080 · Libpng+4

Kurt Seifried · Published 2010-06-30 · Updated 2025-09-29 · CVE-2010-1205

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

libpng versions 1.0.6 through 1.2.43
libpng versions 1.4.0 through 1.4.2

Description

A buffer overflow in the pngpread.c file of libpng can be triggered by a specially crafted PNG image. A remote attacker who supplies such a malformed PNG file can potentially execute arbitrary code, and the issue can also lead to disruption of protected information.

Recommendations

For libpng versions 1.0.6 through 1.2.43, update to version 1.2.44 or later. For libpng versions 1.4.0 through 1.4.2, update to version 1.4.3 or later. As a temporary workaround, consider restricting the use of libpng until a patch is available, and avoid using libpng to process untrusted PNG images until the issue is resolved.

Exploit · Fix · RCE · Resource Exhaustion · Buffer Overflow

Weakness Enumeration

Related Identifiers

ALSA-2025_16880
AZL-43975
AZL-45408
BDU:2015-09413
BDU:2015-10121
CVE-2010-1205
DSA-2072-1
DSA-2075-1
OPENSUSE-SU-2014_1100-1
OPENSUSE-SU-2024:10050-1
OPENSUSE-SU-2024:10071-1
OPENSUSE-SU-2024:10184-1
OPENSUSE-SU-2024:10218-1
OPENSUSE-SU-2024:10230-1
OPENSUSE-SU-2024:10685-1
OPENSUSE-SU-2024:14572-1
RHSA-2010:0534
RHSA-2010:0545
RHSA-2010:0546
RHSA-2010:0547
RHSA-2010_0534
RHSA-2010_0545
RHSA-2010_0546
RHSA-2010_0547

Affected Products

Red Hat
SUSE
VMware Workstation
iTunes
libpng