Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-2249
HistoryJun 30, 2010 - 12:00 a.m.

CVE-2010-2249

2010-06-3000:00:00
ubuntu.com
ubuntu.com
25

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.02

Percentile

88.8%

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3,
allows remote attackers to cause a denial of service (memory consumption
and application crash) via a PNG image containing malformed Physical Scale
(aka sCAL) chunks.

Bugs

Notes

Author Note
jdstrand chromium uses libpng on Ubuntu 10.04 and later firefox uses libpng on Ubuntu 10.04 and later
OSVersionArchitecturePackageVersionFilename
ubuntu6.06noarchlibpng< 1.2.8rel-5ubuntu0.6UNKNOWN
ubuntu8.04noarchlibpng< 1.2.15~beta5-3ubuntu0.3UNKNOWN
ubuntu9.04noarchlibpng< 1.2.27-2ubuntu2.2UNKNOWN
ubuntu9.10noarchlibpng< 1.2.37-1ubuntu0.2UNKNOWN
ubuntu10.04noarchlibpng< 1.2.42-1ubuntu2.1UNKNOWN

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.02

Percentile

88.8%