Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
Configuration 6 (hide)
|
Configuration 7 (hide)
|
History
21 Nov 2024, 01:16
Type | Values Removed | Values Added |
---|---|---|
References | () http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20 - | |
References | () http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html - Mailing List, Third Party Advisory | |
References | () http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html - Mailing List, Third Party Advisory | |
References | () http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html - Mailing List, Third Party Advisory | |
References | () http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html - Mailing List, Third Party Advisory | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html - Mailing List, Third Party Advisory | |
References | () http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html - Mailing List, Third Party Advisory | |
References | () http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html - Mailing List, Third Party Advisory | |
References | () http://lists.vmware.com/pipermail/security-announce/2010/000105.html - Mailing List, Third Party Advisory | |
References | () http://secunia.com/advisories/40302 - Broken Link | |
References | () http://secunia.com/advisories/40336 - Broken Link | |
References | () http://secunia.com/advisories/40472 - Broken Link | |
References | () http://secunia.com/advisories/40547 - Broken Link | |
References | () http://secunia.com/advisories/41574 - Broken Link | |
References | () http://secunia.com/advisories/42314 - Broken Link | |
References | () http://secunia.com/advisories/42317 - Broken Link | |
References | () http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061 - Mailing List, Patch, Third Party Advisory | |
References | () http://support.apple.com/kb/HT4435 - Broken Link | |
References | () http://support.apple.com/kb/HT4456 - Third Party Advisory | |
References | () http://support.apple.com/kb/HT4457 - Third Party Advisory | |
References | () http://support.apple.com/kb/HT4554 - Third Party Advisory | |
References | () http://support.apple.com/kb/HT4566 - Broken Link | |
References | () http://www.debian.org/security/2010/dsa-2072 - Third Party Advisory | |
References | () http://www.libpng.org/pub/png/libpng.html - Product, Vendor Advisory | |
References | () http://www.mandriva.com/security/advisories?name=MDVSA-2010:133 - Broken Link | |
References | () http://www.securityfocus.com/bid/41174 - Patch, Third Party Advisory, VDB Entry | |
References | () http://www.securitytracker.com/id?1024723 - Third Party Advisory, VDB Entry | |
References | () http://www.ubuntu.com/usn/USN-960-1 - Third Party Advisory | |
References | () http://www.vmware.com/security/advisories/VMSA-2010-0014.html - Third Party Advisory | |
References | () http://www.vupen.com/english/advisories/2010/1612 - Broken Link | |
References | () http://www.vupen.com/english/advisories/2010/1637 - Broken Link | |
References | () http://www.vupen.com/english/advisories/2010/1755 - Broken Link | |
References | () http://www.vupen.com/english/advisories/2010/1837 - Broken Link | |
References | () http://www.vupen.com/english/advisories/2010/1846 - Broken Link | |
References | () http://www.vupen.com/english/advisories/2010/1877 - Broken Link | |
References | () http://www.vupen.com/english/advisories/2010/2491 - Broken Link | |
References | () http://www.vupen.com/english/advisories/2010/3045 - Broken Link | |
References | () http://www.vupen.com/english/advisories/2010/3046 - Broken Link | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=608644 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/59816 - Third Party Advisory, VDB Entry |
Information
Published : 2010-06-30 18:30
Updated : 2024-11-21 01:16
NVD link : CVE-2010-2249
Mitre link : CVE-2010-2249
CVE.ORG link : CVE-2010-2249
JSON object : View
Products Affected
debian
- debian_linux
vmware
- workstation
- player
suse
- linux_enterprise_server
apple
- itunes
- tvos
- safari
- iphone_os
libpng
- libpng
canonical
- ubuntu_linux
opensuse
- opensuse
fedoraproject
- fedora
CWE
CWE-401
Missing Release of Memory after Effective Lifetime