CVE-2010-1205

CVSS v3.1 9.8 (Critical)
CVSS v2.0 7.5 (High)
EPSS 69.05 % (98th)
Affected Products 17
Advisories 26

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

Weaknesses
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE Status
PUBLISHED
CNA
MITRE
Published Date
2010-06-30 18:30:01
(14 years ago)
Updated Date
2023-11-07 02:05:17
(10 months ago)

Affected Products

Configuration #1

    CPE23 From Up To
  Libpng prior 1.2.44 version cpe:2.3:a:libpng:libpng < 1.2.44
  Libpng from 1.4.0 version and prior 1.4.3 version cpe:2.3:a:libpng:libpng >= 1.4.0 < 1.4.3

Configuration #2

    CPE23 From Up To
  Google Chrome prior 5.0.375.99 version cpe:2.3:a:google:chrome < 5.0.375.99

Configuration #3

    CPE23 From Up To
  Apple Itunes prior 10.2 version cpe:2.3:a:apple:itunes < 10.2
  Apple Safari prior 5.0.4 version cpe:2.3:a:apple:safari < 5.0.4
  Apple Iphone Os from 2.0 version and 4.1 and prior versions cpe:2.3:o:apple:iphone_os >= 2.0 <= 4.1
  Apple Mac Os X from 10.6.0 version and prior 10.6.4 version cpe:2.3:o:apple:mac_os_x >= 10.6.0 < 10.6.4
  Apple Mac Os X Server from 10.6.0 version and prior 10.6.4 version cpe:2.3:o:apple:mac_os_x_server >= 10.6.0 < 10.6.4

Configuration #4

    CPE23 From Up To
  Fedoraproject Fedora 12 cpe:2.3:o:fedoraproject:fedora:12
  Fedoraproject Fedora 13 cpe:2.3:o:fedoraproject:fedora:13

Configuration #5

    CPE23 From Up To
  Opensuse 11.1 cpe:2.3:o:opensuse:opensuse:11.1
  Opensuse 11.2 cpe:2.3:o:opensuse:opensuse:11.2
  Suse Linux Enterprise Server 9 cpe:2.3:o:suse:linux_enterprise_server:9
  Suse Linux Enterprise Server 10 SP3 cpe:2.3:o:suse:linux_enterprise_server:10:sp3
  Suse Linux Enterprise Server 11 cpe:2.3:o:suse:linux_enterprise_server:11:-
  Suse Linux Enterprise Server 11 SP1 cpe:2.3:o:suse:linux_enterprise_server:11:sp1

Configuration #6

    CPE23 From Up To
  Vmware Player from 2.5 version and prior 2.5.5 version cpe:2.3:a:vmware:player >= 2.5 < 2.5.5
  Vmware Player from 3.1 version and prior 3.1.2 version cpe:2.3:a:vmware:player >= 3.1 < 3.1.2
  Vmware Workstation from 6.5.0 version and prior 6.5.5 version cpe:2.3:a:vmware:workstation >= 6.5.0 < 6.5.5
  Vmware Workstation from 7.1 version and prior 7.1.2 version cpe:2.3:a:vmware:workstation >= 7.1 < 7.1.2

Configuration #7

    CPE23 From Up To
  Canonical Ubuntu Linux 6.06 cpe:2.3:o:canonical:ubuntu_linux:6.06
  Canonical Ubuntu Linux 8.04 cpe:2.3:o:canonical:ubuntu_linux:8.04
  Canonical Ubuntu Linux 9.04 cpe:2.3:o:canonical:ubuntu_linux:9.04
  Canonical Ubuntu Linux 9.10 cpe:2.3:o:canonical:ubuntu_linux:9.10
  Canonical Ubuntu Linux 10.04 cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-

Configuration #8

    CPE23 From Up To
  Debian Linux 5.0 cpe:2.3:o:debian:debian_linux:5.0

Configuration #9

    CPE23 From Up To
  Mozilla Firefox prior 3.5.11 version cpe:2.3:a:mozilla:firefox < 3.5.11
  Mozilla Firefox from 3.5.12 version and prior 3.6.7 version cpe:2.3:a:mozilla:firefox >= 3.5.12 < 3.6.7
  Mozilla Seamonkey prior 2.0.6 version cpe:2.3:a:mozilla:seamonkey < 2.0.6
  Mozilla Thunderbird prior 3.0.6 version cpe:2.3:a:mozilla:thunderbird < 3.0.6
  Mozilla Thunderbird from 3.0.7 version and prior 3.1.1 version cpe:2.3:a:mozilla:thunderbird >= 3.0.7 < 3.1.1