Lucene search

K
cveRedhatCVE-2010-2249
HistoryJun 30, 2010 - 6:30 p.m.

CVE-2010-2249

2010-06-3018:30:01
CWE-401
redhat
web.nvd.nist.gov
80
cve-2010-2249
memory leak
libpng
denial of service
dos
scal chunk
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.02

Percentile

88.8%

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

Affected configurations

Nvd
Node
libpnglibpngRange<1.2.44
OR
libpnglibpngRange1.4.01.4.3
Node
appleitunesRange<10.2
OR
applesafariRange<5.0.4
OR
appleiphone_osRange2.04.1
OR
appletvosRange<4.1.0
Node
fedoraprojectfedoraMatch12
OR
fedoraprojectfedoraMatch13
Node
opensuseopensuseMatch11.1
OR
opensuseopensuseMatch11.2
OR
suselinux_enterprise_serverMatch9
OR
suselinux_enterprise_serverMatch10sp3
OR
suselinux_enterprise_serverMatch11-
OR
suselinux_enterprise_serverMatch11sp1
Node
vmwareplayerRange2.52.5.5
OR
vmwareplayerRange3.13.1.2
OR
vmwareworkstationRange6.5.06.5.5
OR
vmwareworkstationRange7.17.1.2
Node
canonicalubuntu_linuxMatch6.06
OR
canonicalubuntu_linuxMatch8.04
OR
canonicalubuntu_linuxMatch9.04
OR
canonicalubuntu_linuxMatch9.10
OR
canonicalubuntu_linuxMatch10.04-
Node
debiandebian_linuxMatch5.0
VendorProductVersionCPE
libpnglibpng*cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
appleitunes*cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
applesafari*cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
appletvos*cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
fedoraprojectfedora12cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
fedoraprojectfedora13cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
opensuseopensuse11.1cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
opensuseopensuse11.2cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
suselinux_enterprise_server9cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
Rows per page:
1-10 of 211

References

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

AI Score

7.4

Confidence

High

EPSS

0.02

Percentile

88.8%