[FREEBSD:EDEF3F2F-82CF-11DF-BCCE-0018F3E2EB82] png -- libpng decompression buffer overflow

Severity Critical
Affected Packages 1
CVEs 1

The PNG project describes the problem in an advisory:

  Several versions of libpng through 1.4.2 (and through 1.2.43
  in the older series) contain a bug whereby progressive
  applications such as web browsers (or the rpng2 demo app included
  in libpng) could receive an extra row of image data beyond the
  height reported in the header, potentially leading to an
  out-of-bounds write to memory (depending on how the application
  is written) and the possibility of execution of an attacker's
  code with the privileges of the libpng user (including remote
  compromise in the case of a libpng-based browser visiting a
  hostile web site).

Package Affected Version
pkg:freebsd/png < 1.4.3
Source # ID Name URL
FreeBSD VuXML http://www.libpng.org/pub/png/libpng.html
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:freebsd/png png < 1.4.3