CVE-2010-1205

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
Classic Buffer Overflow
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 94%
Affected Products (NVD)
VendorProductVersion
libpnglibpng
𝑥
< 1.2.44
libpnglibpng
1.4.0 ≤
𝑥
< 1.4.3
googlechrome
𝑥
< 5.0.375.99
appleitunes
𝑥
< 10.2
applesafari
𝑥
< 5.0.4
appleiphone_os
2.0 ≤
𝑥
≤ 4.1
applemac_os_x
10.6.0 ≤
𝑥
< 10.6.4
applemac_os_x_server
10.6.0 ≤
𝑥
< 10.6.4
opensuseopensuse
11.1
opensuseopensuse
11.2
vmwareplayer
2.5 ≤
𝑥
< 2.5.5
vmwareplayer
3.1 ≤
𝑥
< 3.1.2
vmwareworkstation
6.5.0 ≤
𝑥
< 6.5.5
vmwareworkstation
7.1 ≤
𝑥
< 7.1.2
canonicalubuntu_linux
6.06
canonicalubuntu_linux
8.04
canonicalubuntu_linux
9.04
canonicalubuntu_linux
9.10
canonicalubuntu_linux
10.04
debiandebian_linux
5.0
mozillafirefox
𝑥
< 3.5.11
mozillafirefox
3.5.12 ≤
𝑥
< 3.6.7
mozillaseamonkey
𝑥
< 2.0.6
mozillathunderbird
𝑥
< 3.0.6
mozillathunderbird
3.0.7 ≤
𝑥
< 3.1.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
tuxonice-userui
bookworm/contrib
1.1+dfsg1.gc3bdd83-4
fixed
bullseye/contrib
1.1+dfsg1.gc3bdd83-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
chromium-browser
dapper
dne
hardy
dne
jaunty
dne
karmic
dne
lucid
Fixed 6.0.472.53~r57914-0ubuntu0.10.04.1
released
firefox
dapper
ignored
hardy
ignored
jaunty
dne
karmic
dne
lucid
Fixed 3.6.7+build2+nobinonly-0ubuntu0.10.04.1
released
libpng
dapper
Fixed 1.2.8rel-5ubuntu0.6
released
hardy
Fixed 1.2.15~beta5-3ubuntu0.3
released
jaunty
Fixed 1.2.27-2ubuntu2.2
released
karmic
Fixed 1.2.37-1ubuntu0.2
released
lucid
Fixed 1.2.42-1ubuntu2.1
released
thunderbird
dapper
dne
hardy
not-affected
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
lucid
Fixed 3.0.6+build2+nobinonly-0ubuntu0.10.04.1
released
xulrunner-1.9.2
dapper
dne
hardy
Fixed 1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2
released
jaunty
Fixed 1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2
released
karmic
Fixed 1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2
released
lucid
Fixed 1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
MozillaFirefox
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 12 SP5
68.1.0-109.92.1
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 12 SP5
68.1.0-109.92.1
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaFirefox-devel
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaFirefox-translations-common
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 12 SP5
68.1.0-109.92.1
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 12 SP5
68.1.0-109.92.1
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaFirefox-translations-other
suse enterprise desktop 15
52.7.3-1.35
fixed
suse enterprise sap 15
52.7.3-1.35
fixed
suse enterprise server 15
52.7.3-1.35
fixed
MozillaThunderbird
suse enterprise desktop 15
52.8-1.2
fixed
suse enterprise desktop 15 SP1
60.6.1-3.28.1
fixed
suse enterprise sap 15
52.8-1.2
fixed
suse enterprise sap 15 SP1
60.6.1-3.28.1
fixed
suse enterprise server 15
52.8-1.2
fixed
suse enterprise server 15 SP1
60.6.1-3.28.1
fixed
suse enterprise workstation 15
52.8-1.2
fixed
suse enterprise workstation 15 SP1
60.6.1-3.28.1
fixed
MozillaThunderbird-devel
suse enterprise desktop 15
52.8-1.2
fixed
suse enterprise sap 15
52.8-1.2
fixed
suse enterprise server 15
52.8-1.2
fixed
suse enterprise workstation 15
52.8-1.2
fixed
MozillaThunderbird-translations-common
suse enterprise desktop 15
52.8-1.2
fixed
suse enterprise desktop 15 SP1
60.6.1-3.28.1
fixed
suse enterprise sap 15
52.8-1.2
fixed
suse enterprise sap 15 SP1
60.6.1-3.28.1
fixed
suse enterprise server 15
52.8-1.2
fixed
suse enterprise server 15 SP1
60.6.1-3.28.1
fixed
suse enterprise workstation 15
52.8-1.2
fixed
suse enterprise workstation 15 SP1
60.6.1-3.28.1
fixed
MozillaThunderbird-translations-other
suse enterprise desktop 15
52.8-1.2
fixed
suse enterprise desktop 15 SP1
60.6.1-3.28.1
fixed
suse enterprise sap 15
52.8-1.2
fixed
suse enterprise sap 15 SP1
60.6.1-3.28.1
fixed
suse enterprise server 15
52.8-1.2
fixed
suse enterprise server 15 SP1
60.6.1-3.28.1
fixed
suse enterprise workstation 15
52.8-1.2
fixed
suse enterprise workstation 15 SP1
60.6.1-3.28.1
fixed
clamav
suse enterprise desktop 15 SP4
0.103.5-3.35.1
fixed
suse enterprise desktop 15 SP5
0.103.8-150000.3.44.1
fixed
suse enterprise desktop 15 SP6
0.103.11-150600.16.7
fixed
suse enterprise desktop 15 SP7
1.4.2-150600.18.9.3
fixed
suse enterprise sap 15 SP4
0.103.5-3.35.1
fixed
suse enterprise sap 15 SP5
0.103.8-150000.3.44.1
fixed
suse enterprise sap 15 SP6
0.103.11-150600.16.7
fixed
suse enterprise sap 15 SP7
1.4.2-150600.18.9.3
fixed
suse enterprise server 15 SP4
0.103.5-3.35.1
fixed
suse enterprise server 15 SP5
0.103.8-150000.3.44.1
fixed
suse enterprise server 15 SP6
0.103.11-150600.16.7
fixed
suse enterprise server 15 SP7
1.4.2-150600.18.9.3
fixed
clamav-devel
suse enterprise desktop 15 SP4
0.103.5-3.35.1
fixed
suse enterprise desktop 15 SP5
0.103.8-150000.3.44.1
fixed
suse enterprise desktop 15 SP6
0.103.11-150600.16.7
fixed
suse enterprise desktop 15 SP7
1.4.2-150600.18.9.3
fixed
suse enterprise sap 15 SP4
0.103.5-3.35.1
fixed
suse enterprise sap 15 SP5
0.103.8-150000.3.44.1
fixed
suse enterprise sap 15 SP6
0.103.11-150600.16.7
fixed
suse enterprise sap 15 SP7
1.4.2-150600.18.9.3
fixed
suse enterprise server 15 SP4
0.103.5-3.35.1
fixed
suse enterprise server 15 SP5
0.103.8-150000.3.44.1
fixed
suse enterprise server 15 SP6
0.103.11-150600.16.7
fixed
suse enterprise server 15 SP7
1.4.2-150600.18.9.3
fixed
clamav-docs-html
suse enterprise desktop 15 SP7
1.4.2-150600.18.9.3
fixed
suse enterprise sap 15 SP7
1.4.2-150600.18.9.3
fixed
suse enterprise server 15 SP7
1.4.2-150600.18.9.3
fixed
clamav-milter
suse enterprise desktop 15 SP7
1.4.2-150600.18.9.3
fixed
suse enterprise sap 15 SP7
1.4.2-150600.18.9.3
fixed
suse enterprise server 15 SP7
1.4.2-150600.18.9.3
fixed
libclamav12
suse enterprise desktop 15 SP7
1.4.2-150600.18.9.3
fixed
suse enterprise sap 15 SP7
1.4.2-150600.18.9.3
fixed
suse enterprise server 15 SP7
1.4.2-150600.18.9.3
fixed
libclamav9
suse enterprise desktop 15 SP4
0.103.5-3.35.1
fixed
suse enterprise desktop 15 SP5
0.103.8-150000.3.44.1
fixed
suse enterprise desktop 15 SP6
0.103.11-150600.16.7
fixed
suse enterprise sap 15 SP4
0.103.5-3.35.1
fixed
suse enterprise sap 15 SP5
0.103.8-150000.3.44.1
fixed
suse enterprise sap 15 SP6
0.103.11-150600.16.7
fixed
suse enterprise server 15 SP4
0.103.5-3.35.1
fixed
suse enterprise server 15 SP5
0.103.8-150000.3.44.1
fixed
suse enterprise server 15 SP6
0.103.11-150600.16.7
fixed
libclammspack0
suse enterprise desktop 15 SP7
1.4.2-150600.18.9.3
fixed
suse enterprise sap 15 SP7
1.4.2-150600.18.9.3
fixed
suse enterprise server 15 SP7
1.4.2-150600.18.9.3
fixed
libfreshclam2
suse enterprise desktop 15 SP4
0.103.5-3.35.1
fixed
suse enterprise desktop 15 SP5
0.103.8-150000.3.44.1
fixed
suse enterprise desktop 15 SP6
0.103.11-150600.16.7
fixed
suse enterprise sap 15 SP4
0.103.5-3.35.1
fixed
suse enterprise sap 15 SP5
0.103.8-150000.3.44.1
fixed
suse enterprise sap 15 SP6
0.103.11-150600.16.7
fixed
suse enterprise server 15 SP4
0.103.5-3.35.1
fixed
suse enterprise server 15 SP5
0.103.8-150000.3.44.1
fixed
suse enterprise server 15 SP6
0.103.11-150600.16.7
fixed
libfreshclam3
suse enterprise desktop 15 SP7
1.4.2-150600.18.9.3
fixed
suse enterprise sap 15 SP7
1.4.2-150600.18.9.3
fixed
suse enterprise server 15 SP7
1.4.2-150600.18.9.3
fixed
libpng12-0
suse enterprise desktop 15
1.2.57-2.18
fixed
suse enterprise desktop 15 SP1
1.2.57-2.18
fixed
suse enterprise desktop 15 SP2
1.2.57-2.18
fixed
suse enterprise desktop 15 SP3
1.2.57-2.18
fixed
suse enterprise desktop 15 SP4
1.2.57-2.18
fixed
suse enterprise desktop 15 SP5
1.2.57-2.18
fixed
suse enterprise desktop 15 SP6
1.2.57-2.18
fixed
suse enterprise desktop 15 SP7
1.2.57-2.18
fixed
suse enterprise sap 12 SP5
1.2.50-19.1
fixed
suse enterprise sap 15
1.2.57-2.18
fixed
suse enterprise sap 15 SP1
1.2.57-2.18
fixed
suse enterprise sap 15 SP2
1.2.57-2.18
fixed
suse enterprise sap 15 SP3
1.2.57-2.18
fixed
suse enterprise sap 15 SP4
1.2.57-2.18
fixed
suse enterprise sap 15 SP5
1.2.57-2.18
fixed
suse enterprise sap 15 SP6
1.2.57-2.18
fixed
suse enterprise sap 15 SP7
1.2.57-2.18
fixed
suse enterprise server 12 SP5
1.2.50-19.1
fixed
suse enterprise server 15
1.2.57-2.18
fixed
suse enterprise server 15 SP1
1.2.57-2.18
fixed
suse enterprise server 15 SP2
1.2.57-2.18
fixed
suse enterprise server 15 SP3
1.2.57-2.18
fixed
suse enterprise server 15 SP4
1.2.57-2.18
fixed
suse enterprise server 15 SP5
1.2.57-2.18
fixed
suse enterprise server 15 SP6
1.2.57-2.18
fixed
suse enterprise server 15 SP7
1.2.57-2.18
fixed
libpng12-0-32bit
suse enterprise sap 12 SP5
1.2.50-19.1
fixed
suse enterprise server 12 SP5
1.2.50-19.1
fixed
libpng12-devel
suse enterprise desktop 15
1.2.57-2.18
fixed
suse enterprise desktop 15 SP1
1.2.57-2.18
fixed
suse enterprise desktop 15 SP2
1.2.57-2.18
fixed
suse enterprise desktop 15 SP3
1.2.57-2.18
fixed
suse enterprise desktop 15 SP4
1.2.57-2.18
fixed
suse enterprise desktop 15 SP5
1.2.57-2.18
fixed
suse enterprise desktop 15 SP6
1.2.57-2.18
fixed
suse enterprise desktop 15 SP7
1.2.57-2.18
fixed
suse enterprise sap 15
1.2.57-2.18
fixed
suse enterprise sap 15 SP1
1.2.57-2.18
fixed
suse enterprise sap 15 SP2
1.2.57-2.18
fixed
suse enterprise sap 15 SP3
1.2.57-2.18
fixed
suse enterprise sap 15 SP4
1.2.57-2.18
fixed
suse enterprise sap 15 SP5
1.2.57-2.18
fixed
suse enterprise sap 15 SP6
1.2.57-2.18
fixed
suse enterprise sap 15 SP7
1.2.57-2.18
fixed
suse enterprise server 15
1.2.57-2.18
fixed
suse enterprise server 15 SP1
1.2.57-2.18
fixed
suse enterprise server 15 SP2
1.2.57-2.18
fixed
suse enterprise server 15 SP3
1.2.57-2.18
fixed
suse enterprise server 15 SP4
1.2.57-2.18
fixed
suse enterprise server 15 SP5
1.2.57-2.18
fixed
suse enterprise server 15 SP6
1.2.57-2.18
fixed
suse enterprise server 15 SP7
1.2.57-2.18
fixed
libpng15-15
suse enterprise sap 12 SP5
1.5.22-9.1
fixed
suse enterprise server 12 SP5
1.5.22-9.1
fixed
libpng16-16
suse enterprise desktop 15
1.6.34-1.19
fixed
suse enterprise desktop 15 SP1
1.6.34-1.19
fixed
suse enterprise sap 12 SP5
1.6.8-14.1
fixed
suse enterprise sap 15
1.6.34-1.19
fixed
suse enterprise sap 15 SP1
1.6.34-1.19
fixed
suse enterprise server 12 SP5
1.6.8-14.1
fixed
suse enterprise server 15
1.6.34-1.19
fixed
suse enterprise server 15 SP1
1.6.34-1.19
fixed
libpng16-16-32bit
suse enterprise desktop 15
1.6.34-1.19
fixed
suse enterprise desktop 15 SP1
1.6.34-1.19
fixed
suse enterprise sap 12 SP5
1.6.8-14.1
fixed
suse enterprise sap 15
1.6.34-1.19
fixed
suse enterprise sap 15 SP1
1.6.34-1.19
fixed
suse enterprise server 12 SP5
1.6.8-14.1
fixed
suse enterprise server 15
1.6.34-1.19
fixed
suse enterprise server 15 SP1
1.6.34-1.19
fixed
libpng16-compat-devel
suse enterprise desktop 15
1.6.34-1.19
fixed
suse enterprise desktop 15 SP1
1.6.34-1.19
fixed
suse enterprise sap 15
1.6.34-1.19
fixed
suse enterprise sap 15 SP1
1.6.34-1.19
fixed
suse enterprise server 15
1.6.34-1.19
fixed
suse enterprise server 15 SP1
1.6.34-1.19
fixed
libpng16-devel
suse enterprise desktop 15
1.6.34-1.19
fixed
suse enterprise desktop 15 SP1
1.6.34-1.19
fixed
suse enterprise sap 15
1.6.34-1.19
fixed
suse enterprise sap 15 SP1
1.6.34-1.19
fixed
suse enterprise server 15
1.6.34-1.19
fixed
suse enterprise server 15 SP1
1.6.34-1.19
fixed
Common Weakness Enumeration
References
http://blackberry.com/btsc/KB27244
http://code.google.com/p/chromium/issues/detail?id=45983
http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
http://secunia.com/advisories/40302
http://secunia.com/advisories/40336
http://secunia.com/advisories/40472
http://secunia.com/advisories/40547
http://secunia.com/advisories/41574
http://secunia.com/advisories/42314
http://secunia.com/advisories/42317
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061
http://support.apple.com/kb/HT4312
http://support.apple.com/kb/HT4435
http://support.apple.com/kb/HT4456
http://support.apple.com/kb/HT4457
http://support.apple.com/kb/HT4554
http://support.apple.com/kb/HT4566
http://trac.webkit.org/changeset/61816
http://www.debian.org/security/2010/dsa-2072
http://www.libpng.org/pub/png/libpng.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:133
http://www.mozilla.org/security/announce/2010/mfsa2010-41.html
http://www.securityfocus.com/bid/41174
http://www.ubuntu.com/usn/USN-960-1
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
http://www.vupen.com/english/advisories/2010/1612
http://www.vupen.com/english/advisories/2010/1637
http://www.vupen.com/english/advisories/2010/1755
http://www.vupen.com/english/advisories/2010/1837
http://www.vupen.com/english/advisories/2010/1846
http://www.vupen.com/english/advisories/2010/1877
http://www.vupen.com/english/advisories/2010/2491
http://www.vupen.com/english/advisories/2010/3045
http://www.vupen.com/english/advisories/2010/3046
https://bugs.webkit.org/show_bug.cgi?id=40798
https://bugzilla.mozilla.org/show_bug.cgi?id=570451
https://bugzilla.redhat.com/show_bug.cgi?id=608238
https://exchange.xforce.ibmcloud.com/vulnerabilities/59815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851
http://blackberry.com/btsc/KB27244
http://code.google.com/p/chromium/issues/detail?id=45983
http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
http://secunia.com/advisories/40302
http://secunia.com/advisories/40336
http://secunia.com/advisories/40472
http://secunia.com/advisories/40547
http://secunia.com/advisories/41574
http://secunia.com/advisories/42314
http://secunia.com/advisories/42317
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061
http://support.apple.com/kb/HT4312
http://support.apple.com/kb/HT4435
http://support.apple.com/kb/HT4456
http://support.apple.com/kb/HT4457
http://support.apple.com/kb/HT4554
http://support.apple.com/kb/HT4566
http://trac.webkit.org/changeset/61816
http://www.debian.org/security/2010/dsa-2072
http://www.libpng.org/pub/png/libpng.html
http://www.mandriva.com/security/advisories?name=MDVSA-2010:133
http://www.mozilla.org/security/announce/2010/mfsa2010-41.html
http://www.securityfocus.com/bid/41174
http://www.ubuntu.com/usn/USN-960-1
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
http://www.vupen.com/english/advisories/2010/1612
http://www.vupen.com/english/advisories/2010/1637
http://www.vupen.com/english/advisories/2010/1755
http://www.vupen.com/english/advisories/2010/1837
http://www.vupen.com/english/advisories/2010/1846
http://www.vupen.com/english/advisories/2010/1877
http://www.vupen.com/english/advisories/2010/2491
http://www.vupen.com/english/advisories/2010/3045
http://www.vupen.com/english/advisories/2010/3046
https://bugs.webkit.org/show_bug.cgi?id=40798
https://bugzilla.mozilla.org/show_bug.cgi?id=570451
https://bugzilla.redhat.com/show_bug.cgi?id=608238
https://exchange.xforce.ibmcloud.com/vulnerabilities/59815
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851