CVE-2010-2249

Published Jun 30, 2010

Last updated 3 months ago

CVSS medium 6.5

Overview

Description: Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 3.6
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Severity: MEDIUM

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:N/A:P

Weaknesses

nvd@nist.gov: CWE-401

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0A7768B8-2319-4AAF-B38E-A3B21A37B0FE",
            "versionEndExcluding": "1.2.44"
          },
          {
            "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "13C02A4C-7A19-4F0D-A192-C031833576D6",
            "versionEndExcluding": "1.4.3",
            "versionStartIncluding": "1.4.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BE850901-4B2A-4C98-836A-40683CB02FB4",
            "versionEndExcluding": "10.2"
          },
          {
            "criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57A2B591-583F-4644-A900-4890FEFEE18C",
            "versionEndExcluding": "5.0.4"
          },
          {
            "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3D97C1BD-57D8-4131-B437-6BA9F41C8F50",
            "versionEndIncluding": "4.1",
            "versionStartIncluding": "2.0"
          },
          {
            "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "407115F2-CC65-448B-8133-D3D57AD306BA",
            "versionEndExcluding": "4.1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883"
          },
          {
            "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7"
          },
          {
            "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "926563F5-E868-4E88-A1F8-B29624FB2438",
            "versionEndExcluding": "2.5.5",
            "versionStartIncluding": "2.5"
          },
          {
            "criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F01F27AB-A8F6-455B-9495-821520435771",
            "versionEndExcluding": "3.1.2",
            "versionStartIncluding": "3.1"
          },
          {
            "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "894BC4D6-EBB6-4743-A860-170D7D31196A",
            "versionEndExcluding": "6.5.5",
            "versionStartIncluding": "6.5.0"
          },
          {
            "criteria": "cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D23900B-C027-44C5-B912-9F7F71C7EBD1",
            "versionEndExcluding": "7.1.2",
            "versionStartIncluding": "7.1"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0507E91-567A-41D6-A7E5-5088A39F75FB"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0"
          },
          {
            "criteria": "cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01EDA41C-6B2E-49AF-B503-EB3882265C11"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References