OSV:DSA-2072-1
Jul 19, 2010 - 12:00 a.m.

libpng - several vulnerabilities

Google
osv.dev

EPSS: 0.702 (percentile: 98.1%)

Several vulnerabilities have been discovered in libpng, a library for
reading and writing PNG files. The Common Vulnerabilities and
Exposures project identifies the following problems:

  • CVE-2010-1205
    A buffer overflow was discovered in libpng that allows remote
    attackers to execute arbitrary code via a PNG image that triggers
    an additional data row.
  • CVE-2010-2249
    A memory leak was discovered in libpng that allows remote
    attackers to cause a denial of service (memory consumption and
    application crash) via a PNG image containing malformed Physical
    Scale (aka sCAL) chunks.

For the stable distribution (lenny), these problems have been fixed in
version 1.2.27-2+lenny4.

For the testing (squeeze) and unstable (sid) distributions, these
problems have been fixed in version 1.2.44-1.

We recommend that you upgrade your libpng package.