Russian Vulnerability Scanner Database

Back to List

CVE-2010-0205

Scores

EPSS

0.046very_low4.6%
0%20%40%60%80%100%

Percentile: 4.6%

CVSS

4.3medium2.0
0246810

CVSS Score: 4.3/10

All CVSS Scores

CVSS 2.0
4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Description

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a “decompression bomb” attack.

Scaner-VS 7 — a modern vulnerability management solution

Uses this database for vulnerability detection. High-speed search, cross-platform, advanced configuration audit, and flexible filtering. Suitable for organizations of any size.
Learn more about Scaner-VS 7

Sources

debiannvdredhatubuntu

CWEs

CWE-400CWE-409

Related Vulnerabilities

BDU:2015-09413

Exploits

Exploit ID: 14422

Source: exploitdb

URL: https://www.exploit-db.com/exploits/14422

Exploit ID: 25094

Source: exploitdb

URL: https://www.exploit-db.com/exploits/25094

Exploit ID: 389

Source: exploitdb

URL: https://www.exploit-db.com/exploits/389

Exploit ID: 393

Source: exploitdb

URL: https://www.exploit-db.com/exploits/393

Exploit ID: CVE-2010-1205

Source: github-poc

URL: https://github.com/mk219533/CVE-2010-1205

Recommendations

Source: nvd

UpgradeThe PNG Development Group has released versions 1.4.1, 1.2.43, and 1.0.53, which provide more efficient decompression of ancillary chunks. This update decreases resource consumption associated with chunk decompression, but may not provide a complete defense unless coupled with appropriate memory limits.Set limits on memory usage and number of cached ancillary chunksLibpng provides functions to limit memory consumption and number of cached ancillary chunks. Applications that use libpng should use these functions to set appropriate limits. Please see defense #2 in the document Defending Libpng Applications Against Decompression Bombs for more information.Disable Ancillary Chunk DecodingDevelopers who build versions of libpng can choose to ignore ancillary chunks by defining specific preprocessor macros. Please see defense #3 in the document Defending Libpng Applications Against Decompression Bombs for more information.

URL: http://www.kb.cert.org/vuls/id/576029

Vulnerable Software (15)

Type: Configuration

Product: firefox

Operating System: ubuntu hardy 8.04

Trait: 
{  "unfixed": true}

Source: ubuntu

Type: Configuration

Product: libpng

Operating System: ubuntu hardy 8.04

Trait: 
{  "fixed": "1.2.15~beta5-3ubuntu0.2"}

Source: ubuntu

Type: Configuration

Product: libpng

Operating System: debian

Trait: 
{  "fixed": "1.2.43-1"}

Source: debian

Type: Configuration

Product: libpng

Operating System: rhel 3

Trait: 
{  "fixed": "1.2.2-30"}

Source: redhat

Type: Configuration

Product: libpng

Operating System: rhel 4

Trait: 
{  "fixed": "1.2.7-3.el4_8.3"}

Source: redhat

Type: Configuration

Product: libpng

Operating System: rhel 5

Trait: 
{  "fixed": "1.2.10-7.1.el5_5.3"}

Source: redhat

Type: Configuration

Product: libpng10

Operating System: rhel 3

Trait: 
{  "fixed": "1.0.13-21"}

Source: redhat

Type: Configuration

Product: libpng10

Operating System: rhel 4

Trait: 
{  "fixed": "1.0.16-3.el4_8.4"}

Source: redhat

Type: Configuration

Vendor: *

Product: debian_linux

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",...

Source: nvd

Type: Configuration

Vendor: *

Product: fedora

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",...

Source: nvd

Type: Configuration

Vendor: *

Product: libpng

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",      "versionEndExcluding": "1.0.53",      "versionStartIncluding": "1.0.0",      "vulnerable": true    },   ...

Source: nvd

Type: Configuration

Vendor: *

Product: linux_enterprise_server

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", ...

Source: nvd

Type: Configuration

Vendor: *

Product: mac_os_x

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",      "versionEndExcluding": "10.6.5",      "vulnerable": true    }  ],  "operator": "OR"}

Source: nvd

Type: Configuration

Vendor: *

Product: opensuse

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", ...

Source: nvd

Type: Configuration

Vendor: *

Product: ubuntu_linux

Operating System: * * *

Trait: 
{  "cpe_match": [    {      "cpe23uri": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",      "vulnerable": true    },    {      "cpe23uri": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-...

Source: nvd

End of list