CyberSec.Space Logo
Back to CVE Browser

CVE-2010-1205

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1980%
EPSS Percentile18.73th
PublishedJun 30, 2010
Last ModifiedApr 29, 2026

Vulnerability Description

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

Affected Platforms (CPE)

πŸ“¦
Libpng

Libpng

< 1.2.44
πŸ“¦
Libpng

Libpng

>= 1.4.0 and < 1.4.3
πŸ“¦
Google

Chrome

< 5.0.375.99
πŸ“¦
Apple

Itunes

< 10.2
πŸ“¦
Apple

Safari

< 5.0.4
πŸ’»
Apple

Iphone Os

>= 2.0 and <= 4.1
πŸ’»
Apple

Mac Os X

>= 10.6.0 and < 10.6.4
πŸ’»
Apple

Mac Os X Server

>= 10.6.0 and < 10.6.4
πŸ’»
Fedoraproject

Fedora

= 12
πŸ’»
Fedoraproject

Fedora

= 13
πŸ’»
Opensuse

Opensuse

= 11.1
πŸ’»
Opensuse

Opensuse

= 11.2
πŸ’»
Suse

Linux Enterprise Server

= 9
πŸ’»
Suse

Linux Enterprise Server

= 10
πŸ’»
Suse

Linux Enterprise Server

= 11
πŸ’»
Suse

Linux Enterprise Server

= 11
πŸ“¦
Vmware

Player

>= 2.5 and < 2.5.5
πŸ“¦
Vmware

Player

>= 3.1 and < 3.1.2
πŸ“¦
Vmware

Workstation

>= 6.5.0 and < 6.5.5
πŸ“¦
Vmware

Workstation

>= 7.1 and < 7.1.2
πŸ’»
Canonical

Ubuntu Linux

= 6.06
πŸ’»
Canonical

Ubuntu Linux

= 8.04
πŸ’»
Canonical

Ubuntu Linux

= 9.04
πŸ’»
Canonical

Ubuntu Linux

= 9.10
πŸ’»
Canonical

Ubuntu Linux

= 10.04
πŸ’»
Debian

Debian Linux

= 5.0
πŸ“¦
Mozilla

Firefox

< 3.5.11
πŸ“¦
Mozilla

Firefox

>= 3.5.12 and < 3.6.7
πŸ“¦
Mozilla

Seamonkey

< 2.0.6
πŸ“¦
Mozilla

Thunderbird

< 3.0.6
πŸ“¦
Mozilla

Thunderbird

>= 3.0.7 and < 3.1.1

References & Advisories

πŸ”— http://blackberry.com/btsc/KB27244
πŸ”— http://code.google.com/p/chromium/issues/detail?id=45983
πŸ”— http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html
πŸ”— http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18
πŸ”— http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
πŸ”— http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
πŸ”— http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
πŸ”— http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

Related Vulnerabilities

CVE-2004-059710.0

Multiple buffer overflows in libpng 1.2.5 and earlier, as used in multiple products, allow remote attackers to execute arbitrary c...

CVE-2016-104249.8

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon ...

CVE-2017-126529.8

libpng before 1.6.32 does not properly check the length of chunks against the user limit.

CVE-2018-145508.8

An issue has been found in third-party PNM decoding associated with libpng 1.6.35. It is a stack-based buffer overflow in the func...