PT-2010-1082 · Libpng+2

Jan Lieskovsky · Published 2010-06-30 · Updated 2023-02-13 · CVE-2010-2249

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

libpng versions prior to 1.4.3
libpng versions 1.4.x prior to 1.4.3
libpng versions prior to 1.2.44

Description

The issue is related to multiple vulnerabilities in the libpng package that can be exploited remotely, leading to a denial of service and potential disruption of protected information. Specifically, a memory leak in pngrutil.c in libpng allows remote attackers to cause a denial of service via a PNG image containing malformed Physical Scale (sCAL) chunks.

Recommendations

For libpng versions prior to 1.4.3, update to version 1.4.3 or later to resolve the issue.
For libpng versions 1.4.x prior to 1.4.3, update to version 1.4.3 or later to resolve the issue.
For libpng versions prior to 1.2.44, update to version 1.2.44 or later to resolve the issue.

Fix

DoS

Resource Exhaustion

Memory Leak

Weakness Enumeration

Related Identifiers

AZL-40809
AZL-43960
AZL-44709
BDU:2015-09413
CVE-2010-2249
DSA-2072-1
RHSA-2010:0534
RHSA-2010_0534

Affected Products

Red Hat
Vmware Workstation
Libpng