CVE-2010-2249 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	NONE	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
redhat	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 80%

Vendor	Product	Version
libpng	libpng	𝑥 < 1.2.44
libpng	libpng	1.4.0 ≤ 𝑥 < 1.4.3
apple	itunes	𝑥 < 10.2
apple	safari	𝑥 < 5.0.4
apple	iphone_os	2.0 ≤ 𝑥 ≤ 4.1
apple	tvos	𝑥 < 4.1.0
opensuse	opensuse	11.1
opensuse	opensuse	11.2
vmware	player	2.5 ≤ 𝑥 < 2.5.5
vmware	player	3.1 ≤ 𝑥 < 3.1.2
vmware	workstation	6.5.0 ≤ 𝑥 < 6.5.5
vmware	workstation	7.1 ≤ 𝑥 < 7.1.2
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	9.04
canonical	ubuntu_linux	9.10
canonical	ubuntu_linux	10.04
debian	debian_linux	5.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

tuxonice-userui

bookworm/contrib	1.1+dfsg1.gc3bdd83-4 fixed
bullseye/contrib	1.1+dfsg1.gc3bdd83-4 fixed

Ubuntu Releases

Ubuntu Product

Codename

chromium-browser

maverick	ignored
lucid	ignored
karmic	dne
jaunty	dne
hardy	dne
dapper	dne

firefox

maverick	ignored
lucid	ignored
karmic	dne
jaunty	dne
hardy	ignored
dapper	ignored

libpng

maverick	not-affected
lucid	Fixed 1.2.42-1ubuntu2.1 released
karmic	Fixed 1.2.37-1ubuntu0.2 released
jaunty	Fixed 1.2.27-2ubuntu2.2 released
hardy	Fixed 1.2.15~beta5-3ubuntu0.3 released
dapper	Fixed 1.2.8rel-5ubuntu0.6 released

Common Weakness Enumeration

CWE-401 - Missing Release of Memory after Effective Lifetime
The software does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

http://lists.vmware.com/pipermail/security-announce/2010/000105.html

http://secunia.com/advisories/40302

http://secunia.com/advisories/40336

http://secunia.com/advisories/40472

http://secunia.com/advisories/40547

http://secunia.com/advisories/41574

http://secunia.com/advisories/42314

http://secunia.com/advisories/42317

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061

http://support.apple.com/kb/HT4435

http://support.apple.com/kb/HT4456

http://support.apple.com/kb/HT4457

http://support.apple.com/kb/HT4554

http://support.apple.com/kb/HT4566

http://www.debian.org/security/2010/dsa-2072

http://www.libpng.org/pub/png/libpng.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:133

http://www.securityfocus.com/bid/41174

http://www.securitytracker.com/id?1024723

http://www.ubuntu.com/usn/USN-960-1

http://www.vmware.com/security/advisories/VMSA-2010-0014.html

http://www.vupen.com/english/advisories/2010/1612

http://www.vupen.com/english/advisories/2010/1637

http://www.vupen.com/english/advisories/2010/1755

http://www.vupen.com/english/advisories/2010/1837

http://www.vupen.com/english/advisories/2010/1846

http://www.vupen.com/english/advisories/2010/1877

http://www.vupen.com/english/advisories/2010/2491

http://www.vupen.com/english/advisories/2010/3045

http://www.vupen.com/english/advisories/2010/3046

https://bugzilla.redhat.com/show_bug.cgi?id=608644

https://exchange.xforce.ibmcloud.com/vulnerabilities/59816

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html

http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html

http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

http://lists.vmware.com/pipermail/security-announce/2010/000105.html

http://secunia.com/advisories/40302

http://secunia.com/advisories/40336

http://secunia.com/advisories/40472

http://secunia.com/advisories/40547

http://secunia.com/advisories/41574

http://secunia.com/advisories/42314

http://secunia.com/advisories/42317

http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061

http://support.apple.com/kb/HT4435

http://support.apple.com/kb/HT4456

http://support.apple.com/kb/HT4457

http://support.apple.com/kb/HT4554

http://support.apple.com/kb/HT4566

http://www.debian.org/security/2010/dsa-2072

http://www.libpng.org/pub/png/libpng.html

http://www.mandriva.com/security/advisories?name=MDVSA-2010:133

http://www.securityfocus.com/bid/41174

http://www.securitytracker.com/id?1024723

http://www.ubuntu.com/usn/USN-960-1

http://www.vmware.com/security/advisories/VMSA-2010-0014.html

http://www.vupen.com/english/advisories/2010/1612

http://www.vupen.com/english/advisories/2010/1637

http://www.vupen.com/english/advisories/2010/1755

http://www.vupen.com/english/advisories/2010/1837

http://www.vupen.com/english/advisories/2010/1846

http://www.vupen.com/english/advisories/2010/1877

http://www.vupen.com/english/advisories/2010/2491

http://www.vupen.com/english/advisories/2010/3045

http://www.vupen.com/english/advisories/2010/3046

https://bugzilla.redhat.com/show_bug.cgi?id=608644

https://exchange.xforce.ibmcloud.com/vulnerabilities/59816