CVE-2010-1205

Published Jun 30, 2010
Last updated 3 months ago
CVSS critical 9.8
Overview

Description: Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
Source: cve@mitre.org
NVD status: Modified
Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL
CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses

nvd@nist.gov: CWE-120
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A7768B8-2319-4AAF-B38E-A3B21A37B0FE",
            "versionEndExcluding": "1.2.44"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13C02A4C-7A19-4F0D-A192-C031833576D6",
            "versionEndExcluding": "1.4.3",
            "versionStartIncluding": "1.4.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D0EC41A-6188-4918-864D-A30F4C011707",
            "versionEndExcluding": "5.0.375.99"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE850901-4B2A-4C98-836A-40683CB02FB4",
            "versionEndExcluding": "10.2"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57A2B591-583F-4644-A900-4890FEFEE18C",
            "versionEndExcluding": "5.0.4"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D97C1BD-57D8-4131-B437-6BA9F41C8F50",
            "versionEndIncluding": "4.1",
            "versionStartIncluding": "2.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25512493-BB20-46B2-B40A-74E67F0797B6",
            "versionEndExcluding": "10.6.4",
            "versionStartIncluding": "10.6.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CD7461BE-1CAC-46D6-95E6-1B2DFC5A4CCF",
            "versionEndExcluding": "10.6.4",
            "versionStartIncluding": "10.6.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "926563F5-E868-4E88-A1F8-B29624FB2438",
            "versionEndExcluding": "2.5.5",
            "versionStartIncluding": "2.5"
          },
          {
            "criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F01F27AB-A8F6-455B-9495-821520435771",
            "versionEndExcluding": "3.1.2",
            "versionStartIncluding": "3.1"
          },
          {
            "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "894BC4D6-EBB6-4743-A860-170D7D31196A",
            "versionEndExcluding": "6.5.5",
            "versionStartIncluding": "6.5.0"
          },
          {
            "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D23900B-C027-44C5-B912-9F7F71C7EBD1",
            "versionEndExcluding": "7.1.2",
            "versionStartIncluding": "7.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "016DCEE3-2209-4494-A1F8-58422056B29D",
            "versionEndExcluding": "3.5.11"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DDD9439-D312-4AB2-87E6-2E2154F191C1",
            "versionEndExcluding": "3.6.7",
            "versionStartIncluding": "3.5.12"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FAC42ED-38D9-4D2F-945E-B19F267B36FB",
            "versionEndExcluding": "2.0.6"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C49B7B3C-9F1D-4260-B07A-1B7B8ACE04FD",
            "versionEndExcluding": "3.0.6"
          },
          {
            "criteria": "cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "76D0ADB0-B60C-4108-AA8A-49766BEC6C01",
            "versionEndExcluding": "3.1.1",
            "versionStartIncluding": "3.0.7"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
