CVE-2010-1205
Published: 30 June 2010
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
chromium-browser Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Does not exist
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Released
(6.0.472.53~r57914-0ubuntu0.10.04.1)
|
|
| upstream |
Released
(5.0.375.99)
|
|
|
firefox Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
| hardy |
Ignored
(end of life)
|
|
| jaunty |
Does not exist
|
|
| karmic |
Does not exist
|
|
| lucid |
Released
(3.6.7+build2+nobinonly-0ubuntu0.10.04.1)
|
|
| upstream |
Needs triage
|
|
|
libpng Launchpad, Ubuntu, Debian |
dapper |
Released
(1.2.8rel-5ubuntu0.6)
|
| hardy |
Released
(1.2.15~beta5-3ubuntu0.3)
|
|
| jaunty |
Released
(1.2.27-2ubuntu2.2)
|
|
| karmic |
Released
(1.2.37-1ubuntu0.2)
|
|
| lucid |
Released
(1.2.42-1ubuntu2.1)
|
|
| upstream |
Released
(1.2.44,1.4.3)
|
|
|
thunderbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Not vulnerable
|
|
| intrepid |
Not vulnerable
|
|
| jaunty |
Not vulnerable
|
|
| karmic |
Not vulnerable
|
|
| lucid |
Released
(3.0.6+build2+nobinonly-0ubuntu0.10.04.1)
|
|
| upstream |
Released
(3.0.6)
|
|
|
xulrunner-1.9.2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
| hardy |
Released
(1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2)
|
|
| jaunty |
Released
(1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2)
|
|
| karmic |
Released
(1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2)
|
|
| lucid |
Released
(1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1)
|
|
| upstream |
Needs triage
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 9.8 |
| Attack vector | Network |
| Attack complexity | Low |
| Privileges required | None |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
- http://www.libpng.org/pub/png/libpng.html
- http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html
- https://ubuntu.com/security/notices/USN-960-1
- https://ubuntu.com/security/notices/USN-930-4
- https://ubuntu.com/security/notices/USN-957-1
- https://ubuntu.com/security/notices/USN-958-1
- https://www.cve.org/CVERecord?id=CVE-2010-1205
- NVD
- Launchpad
- Debian