fkie_nvd - fkie_cve-2010-0205

fkie_cve-2010-0205

Vulnerability from fkie_nvd

Published

2010-03-03 19:30

Modified

2025-04-11 00:51

Severity ?

Summary

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.

References

URL	Tags
cret@cert.org	http://libpng.sourceforge.net/ADVISORY-1.4.1.html	Third Party Advisory
cret@cert.org	http://libpng.sourceforge.net/decompression_bombs.html	Third Party Advisory
cret@cert.org	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	Mailing List, Third Party Advisory
cret@cert.org	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html	Third Party Advisory
cret@cert.org	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html	Third Party Advisory
cret@cert.org	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html	Third Party Advisory
cret@cert.org	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html	Third Party Advisory
cret@cert.org	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html	Mailing List, Third Party Advisory
cret@cert.org	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html	Mailing List, Third Party Advisory
cret@cert.org	http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html	Mailing List
cret@cert.org	http://lists.vmware.com/pipermail/security-announce/2010/000105.html	Third Party Advisory
cret@cert.org	http://osvdb.org/62670	Broken Link
cret@cert.org	http://secunia.com/advisories/38774	Third Party Advisory
cret@cert.org	http://secunia.com/advisories/39251	Third Party Advisory
cret@cert.org	http://secunia.com/advisories/41574	Third Party Advisory
cret@cert.org	http://support.apple.com/kb/HT4435	Broken Link
cret@cert.org	http://ubuntu.com/usn/usn-913-1	Third Party Advisory
cret@cert.org	http://www.debian.org/security/2010/dsa-2032	Third Party Advisory
cret@cert.org	http://www.kb.cert.org/vuls/id/576029	Third Party Advisory, US Government Resource
cret@cert.org	http://www.mandriva.com/security/advisories?name=MDVSA-2010:063	Third Party Advisory
cret@cert.org	http://www.mandriva.com/security/advisories?name=MDVSA-2010:064	Third Party Advisory
cret@cert.org	http://www.securityfocus.com/bid/38478	Patch, Third Party Advisory, VDB Entry
cret@cert.org	http://www.securitytracker.com/id?1023674	Third Party Advisory, VDB Entry
cret@cert.org	http://www.vmware.com/security/advisories/VMSA-2010-0014.html	Third Party Advisory
cret@cert.org	http://www.vupen.com/english/advisories/2010/0517	Third Party Advisory
cret@cert.org	http://www.vupen.com/english/advisories/2010/0605	Third Party Advisory
cret@cert.org	http://www.vupen.com/english/advisories/2010/0626	Third Party Advisory
cret@cert.org	http://www.vupen.com/english/advisories/2010/0637	Third Party Advisory
cret@cert.org	http://www.vupen.com/english/advisories/2010/0667	Third Party Advisory
cret@cert.org	http://www.vupen.com/english/advisories/2010/0682	Third Party Advisory
cret@cert.org	http://www.vupen.com/english/advisories/2010/0686	Third Party Advisory
cret@cert.org	http://www.vupen.com/english/advisories/2010/0847	Third Party Advisory
cret@cert.org	http://www.vupen.com/english/advisories/2010/1107	Third Party Advisory
cret@cert.org	http://www.vupen.com/english/advisories/2010/2491	Third Party Advisory
cret@cert.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/56661	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://libpng.sourceforge.net/ADVISORY-1.4.1.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://libpng.sourceforge.net/decompression_bombs.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html	Mailing List
af854a3a-2127-422b-91ae-364da2661108	http://lists.vmware.com/pipermail/security-announce/2010/000105.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://osvdb.org/62670	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/38774	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/39251	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/41574	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT4435	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://ubuntu.com/usn/usn-913-1	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2010/dsa-2032	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.kb.cert.org/vuls/id/576029	Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:063	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2010:064	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/38478	Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1023674	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.vmware.com/security/advisories/VMSA-2010-0014.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0517	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0605	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0626	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0637	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0667	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0682	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0686	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/0847	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/1107	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2010/2491	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/56661	Third Party Advisory, VDB Entry

Impacted products

Vendor	Product	Version
libpng	libpng	*
libpng	libpng	*
libpng	libpng	*
apple	mac_os_x	*
fedoraproject	fedora	11
fedoraproject	fedora	12
fedoraproject	fedora	13
opensuse	opensuse	11.0
opensuse	opensuse	11.1
opensuse	opensuse	11.2
suse	linux_enterprise_server	9
suse	linux_enterprise_server	10
suse	linux_enterprise_server	11
suse	linux_enterprise_server	11
canonical	ubuntu_linux	6.06
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	8.10
canonical	ubuntu_linux	9.04
canonical	ubuntu_linux	9.10
debian	debian_linux	5.0
debian	debian_linux	6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3110AADE-22CC-4BF0-A45B-4884DC412622",
              "versionEndExcluding": "1.0.53",
              "versionStartIncluding": "1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "376224B7-C526-4A78-95A4-034BD437E52B",
              "versionEndExcluding": "1.2.43",
              "versionStartIncluding": "1.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CE8989E-12D3-4C9E-9BE3-D992533152F3",
              "versionEndExcluding": "1.4.1",
              "versionStartIncluding": "1.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46E5D24A-8CA0-4590-9F35-F684D573D030",
              "versionEndExcluding": "10.6.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*",
              "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*",
              "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*",
              "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n png_decompress_chunk en pngrutil.c en libpng 1.0.x en versiones anteriores a la 1.0.53, 1.2.x en versiones anteriores a la 1.2.43 y1.4.x en versiones anteriores a la 1.4.1 no maneja adecuadamente los datos fragmentados auxiliares comprimidos que tienen una representaci\u00f3n descomprimida desproporcionada, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de la CPU y de la memoria y cuelgue de la aplicaci\u00f3n) mediante un fichero PNG manipulado, como ha quedado demostrado por el uso del m\u00e9todo de decompresi\u00f3n con datos con muchas ocurrencias del mismo caracter, en relaci\u00f3n con un ataque \"decompression bomb\" (bomba de descompresi\u00f3n)."
    }
  ],
  "id": "CVE-2010-0205",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2010-03-03T19:30:00.493",
  "references": [
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://libpng.sourceforge.net/decompression_bombs.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/62670"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38774"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/39251"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/41574"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://support.apple.com/kb/HT4435"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://ubuntu.com/usn/usn-913-1"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2032"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/576029"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/38478"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1023674"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0517"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0605"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0626"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0637"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0667"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0682"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0686"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0847"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2491"
    },
    {
      "source": "cret@cert.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://libpng.sourceforge.net/decompression_bombs.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://osvdb.org/62670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/38774"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/39251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://secunia.com/advisories/41574"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://support.apple.com/kb/HT4435"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://ubuntu.com/usn/usn-913-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2010/dsa-2032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/576029"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/38478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id?1023674"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0517"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0605"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0637"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0682"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0686"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/0847"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/1107"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.vupen.com/english/advisories/2010/2491"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661"
    }
  ],
  "sourceIdentifier": "cret@cert.org",
  "vendorComments": [
    {
      "comment": "This issue has been addressed in Red Hat Enterprise Linux 3, 4, and 5 via https://rhn.redhat.com/errata/RHSA-2010-0534.html.",
      "lastModified": "2010-07-14T00:00:00",
      "organization": "Red Hat"
    }
  ],
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2010-0205 (GCVE-0-2010-0205)

Vulnerability from cvelistv5

Published

2010-03-03 19:00