Executive Summary
Information | |||
---|---|---|---|
Name | CVE-2010-2249 | First vendor Publication | 2010-06-30 |
Vendor | Cve | Last vendor Modification | 2023-02-13 |
Security-Database Scoring CVSS v3
Cvss vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H | |||
---|---|---|---|
Overall CVSS Score | 6.5 | ||
Base Score | 6.5 | Environmental Score | 6.5 |
Impact Sub Score | 3.6 | Temporal Score | 6.5 |
Exploitability Sub Score | 2.8 | ||
Attack Vector | Network | Attack Complexity | Low |
Privileges Required | None | User Interaction | Required |
Scope | Unchanged | Confidentiality Impact | None |
Integrity Impact | None | Availability Impact | High |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Exploit Score | 8.6 | Authentication | None Required |
Detail
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2249 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-401 | Failure to Release Memory Before Removing Last Reference ('Memory Leak') |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:11512 | |||
Oval ID: | oval:org.mitre.oval:def:11512 | ||
Title: | DSA-2072 libpng -- several vulnerabilities | ||
Description: | Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: It was discovered a buffer overflow in libpng which allows remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. It was discovered a memory leak in libpng which allows remote attackers to cause a denial of service via a PNG image containing malformed Physical Scale chunks. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2072 CVE-2010-1205 CVE-2010-2249 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | libpng |
Definition Id: oval:org.mitre.oval:def:13338 | |||
Oval ID: | oval:org.mitre.oval:def:13338 | ||
Title: | DSA-2072-1 libpng -- several | ||
Description: | Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1205: It was discovered a buffer overflow in libpng which allows remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. CVE-2010-2249: It was discovered a memory leak in libpng which allows remote attackers to cause a denial of service via a PNG image containing malformed Physical Scale chunks. For the stable distribution, these problems have been fixed in version 1.2.27-2+lenny4. For the testing and unstable distribution, these problems have been fixed in version 1.2.44-1. We recommend that you upgrade your libpng package. | ||
Family: | unix | Class: | patch |
Reference(s): | DSA-2072-1 CVE-2010-1205 CVE-2010-2249 | Version: | 5 |
Platform(s): | Debian GNU/Linux 5.0 | Product(s): | libpng |
Definition Id: oval:org.mitre.oval:def:13405 | |||
Oval ID: | oval:org.mitre.oval:def:13405 | ||
Title: | USN-960-1 -- libpng vulnerabilities | ||
Description: | It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service | ||
Family: | unix | Class: | patch |
Reference(s): | USN-960-1 CVE-2010-1205 CVE-2010-2249 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.10 Ubuntu 6.06 Ubuntu 9.04 | Product(s): | libpng |
Definition Id: oval:org.mitre.oval:def:22383 | |||
Oval ID: | oval:org.mitre.oval:def:22383 | ||
Title: | RHSA-2010:0534: libpng security update (Important) | ||
Description: | Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. | ||
Family: | unix | Class: | patch |
Reference(s): | RHSA-2010:0534-01 CESA-2010:0534 CVE-2009-2042 CVE-2010-0205 CVE-2010-1205 CVE-2010-2249 | Version: | 55 |
Platform(s): | Red Hat Enterprise Linux 3 Red Hat Enterprise Linux 5 CentOS Linux 5 | Product(s): | libpng libpng10 |
Definition Id: oval:org.mitre.oval:def:23184 | |||
Oval ID: | oval:org.mitre.oval:def:23184 | ||
Title: | ELSA-2010:0534: libpng security update (Important) | ||
Description: | Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2010:0534-01 CVE-2009-2042 CVE-2010-0205 CVE-2010-1205 CVE-2010-2249 | Version: | 21 |
Platform(s): | Oracle Linux 5 | Product(s): | libpng libpng10 |
OpenVAS Exploits
Date | Description |
---|---|
2011-09-07 | Name : Mac OS X v10.6.4 Multiple Vulnerabilities (2010-007) File : nvt/gb_macosx_su10-007.nasl |
2011-08-26 | Name : Apple iTunes Multiple Vulnerabilities (Mac OS X) File : nvt/secpod_itunes_mult_vuln_macosx.nasl |
2011-08-09 | Name : CentOS Update for libpng CESA-2010:0534 centos5 i386 File : nvt/gb_CESA-2010_0534_libpng_centos5_i386.nasl |
2011-03-09 | Name : Gentoo Security Advisory GLSA 201010-01 (libpng) File : nvt/glsa_201010_01.nasl |
2010-10-01 | Name : VMware Products Security Bypass Vulnerability (Win) -Sep10 File : nvt/secpod_vmware_prdts_sec_bypass_vuln_win_sep10.nasl |
2010-10-01 | Name : VMware Products Security Bypass Vulnerability (Linux) -Sep10 File : nvt/secpod_vmware_prdts_sec_bypass_vuln_lin_sep10.nasl |
2010-09-27 | Name : Mandriva Update for ghostscript MDVSA-2010:136 (ghostscript) File : nvt/gb_mandriva_MDVSA_2010_136.nasl |
2010-08-21 | Name : Debian Security Advisory DSA 2072-1 (libpng) File : nvt/deb_2072_1.nasl |
2010-08-20 | Name : CentOS Update for libpng10 CESA-2010:0534 centos3 i386 File : nvt/gb_CESA-2010_0534_libpng10_centos3_i386.nasl |
2010-07-30 | Name : Fedora Update for mingw32-libpng FEDORA-2010-10776 File : nvt/gb_fedora_2010_10776_mingw32-libpng_fc12.nasl |
2010-07-30 | Name : Fedora Update for mingw32-libpng FEDORA-2010-10793 File : nvt/gb_fedora_2010_10793_mingw32-libpng_fc13.nasl |
2010-07-23 | Name : Fedora Update for libpng10 FEDORA-2010-10833 File : nvt/gb_fedora_2010_10833_libpng10_fc12.nasl |
2010-07-23 | Name : Fedora Update for libpng10 FEDORA-2010-10823 File : nvt/gb_fedora_2010_10823_libpng10_fc13.nasl |
2010-07-16 | Name : Mandriva Update for libpng MDVSA-2010:133 (libpng) File : nvt/gb_mandriva_MDVSA_2010_133.nasl |
2010-07-16 | Name : Mandriva Update for ghostscript MDVSA-2010:134 (ghostscript) File : nvt/gb_mandriva_MDVSA_2010_134.nasl |
2010-07-16 | Name : RedHat Update for libpng RHSA-2010:0534-01 File : nvt/gb_RHSA-2010_0534-01_libpng.nasl |
2010-07-12 | Name : Ubuntu Update for libpng vulnerabilities USN-960-1 File : nvt/gb_ubuntu_USN_960_1.nasl |
2010-07-06 | Name : Fedora Update for libpng FEDORA-2010-10592 File : nvt/gb_fedora_2010_10592_libpng_fc12.nasl |
2010-07-02 | Name : Fedora Update for libpng FEDORA-2010-10557 File : nvt/gb_fedora_2010_10557_libpng_fc13.nasl |
2010-04-30 | Name : Mandriva Update for gdm MDVA-2010:133 (gdm) File : nvt/gb_mandriva_MDVA_2010_133.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2010-180-01 libpng File : nvt/esoft_slk_ssa_2010_180_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
65853 | libpng pngrutil.c sCAL Chunk Memory Corruption DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0534.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100714_libpng_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2011-03-10 | Name : The remote host contains a web browser that is affected by several vulnerabil... File : safari_5_0_4.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote host contains a multimedia application that has multiple vulnerabi... File : itunes_10_2_banner.nasl - Type : ACT_GATHER_INFO |
2011-03-03 | Name : The remote host contains an application that has multiple vulnerabilities. File : itunes_10_2.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes security issues. File : macosx_SecUpd2010-007.nasl - Type : ACT_GATHER_INFO |
2010-11-10 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_5.nasl - Type : ACT_GATHER_INFO |
2010-10-11 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libpng-7144.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201010-01.nasl - Type : ACT_GATHER_INFO |
2010-09-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO |
2010-09-12 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12642.nasl - Type : ACT_GATHER_INFO |
2010-09-12 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpng-devel-100901.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-133.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-134.nasl - Type : ACT_GATHER_INFO |
2010-07-30 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-136.nasl - Type : ACT_GATHER_INFO |
2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0534.nasl - Type : ACT_GATHER_INFO |
2010-07-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10793.nasl - Type : ACT_GATHER_INFO |
2010-07-27 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10776.nasl - Type : ACT_GATHER_INFO |
2010-07-21 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10833.nasl - Type : ACT_GATHER_INFO |
2010-07-21 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10823.nasl - Type : ACT_GATHER_INFO |
2010-07-21 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2072.nasl - Type : ACT_GATHER_INFO |
2010-07-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0534.nasl - Type : ACT_GATHER_INFO |
2010-07-09 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-960-1.nasl - Type : ACT_GATHER_INFO |
2010-07-06 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10592.nasl - Type : ACT_GATHER_INFO |
2010-07-02 | Name : The remote Fedora host is missing a security update. File : fedora_2010-10557.nasl - Type : ACT_GATHER_INFO |
2010-07-01 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2010-180-01.nasl - Type : ACT_GATHER_INFO |