Veracode Vulnerability DatabaseVERACODE:24015Denial Of Service (DoS)
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
libpng is vulnerable to denial of service (DoS). The vulnerability exists as a memory leak flaw was found in the way applications using the libpng library decoded PNG images that use the Physical Scale (sCAL) extension. An attacker could create a specially-crafted PNG image that could cause an application using libpng to exhaust all available memory and possibly crash or exit.
| CPE | Name | Operator | Version |
|---|---|---|---|
| libpng | eq | 1.2.7__1.el4.2 | |
| libpng | eq | 1.2.7__1.el4.2 |
References
libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20
libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20
lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html
lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html
lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
lists.vmware.com/pipermail/security-announce/2010/000105.html
secunia.com/advisories/40302
secunia.com/advisories/40336
secunia.com/advisories/40472
secunia.com/advisories/40547
secunia.com/advisories/41574
secunia.com/advisories/42314
secunia.com/advisories/42317
slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061
support.apple.com/kb/HT4435
support.apple.com/kb/HT4456
support.apple.com/kb/HT4457
support.apple.com/kb/HT4554
support.apple.com/kb/HT4566
www.debian.org/security/2010/dsa-2072
www.libpng.org/pub/png/libpng.html
www.mandriva.com/security/advisories?name=MDVSA-2010:133
www.redhat.com/security/updates/classification/#important
www.securityfocus.com/bid/41174
www.securitytracker.com/id?1024723
www.ubuntu.com/usn/USN-960-1
www.vmware.com/security/advisories/VMSA-2010-0014.html
www.vupen.com/english/advisories/2010/1612
www.vupen.com/english/advisories/2010/1637
www.vupen.com/english/advisories/2010/1755
www.vupen.com/english/advisories/2010/1837
www.vupen.com/english/advisories/2010/1846
www.vupen.com/english/advisories/2010/1877
www.vupen.com/english/advisories/2010/2491
www.vupen.com/english/advisories/2010/3045
www.vupen.com/english/advisories/2010/3046
access.redhat.com/errata/RHSA-2010:0534
access.redhat.com/security/cve/CVE-2010-2249
bugzilla.redhat.com/show_bug.cgi?id=608644
exchange.xforce.ibmcloud.com/vulnerabilities/59816
Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P