Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2010-1205Classic Buffer Overflow in Libpng

CWE-120Classic Buffer Overflow14 documents9 sources
Severity
9.8CRITICALNVD
EPSS
15.2%
top 5.38%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
17
Apple ItunesApple MAC OS XApple MAC OS X Server+14 more
Timeline
PublishedJun 30
Latest updateMay 2

Description

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages14 packages

NVDlibpng/libpng1.4.01.4.3+1
NVDapple/itunes< 10.2
NVDapple/safari< 5.0.4
NVDgoogle/chrome< 5.0.375.99
NVDvmware/player2.52.5.5+1

Also affects: Debian Linux 5.0, Fedora 12, 13, Ubuntu Linux 10.04, 6.06, 8.04, 9.04, 9.10

Patches

Patch: lists.vmware.comPatch: slackware.comPatch: trac.webkit.org

🔴Vulnerability Details

3
GHSA
GHSA-qq2m-25fj-pxvm: Buffer overflow in pngpread2022-05-02
OSV
CVE-2010-1205: Buffer overflow in pngpread2010-06-30
CVEList
CVE-2010-1205: Buffer overflow in pngpread2010-06-30

💥Exploits & PoCs

1
Exploit-DB
libpng 1.4.2 - Denial of Service2010-07-20

📋Vendor Advisories

6
Ubuntu
Thunderbird vulnerabilities2010-07-26
Ubuntu
Firefox and Xulrunner vulnerabilities2010-07-23
Ubuntu
Firefox and Xulrunner vulnerabilities2010-07-23
Ubuntu
libpng vulnerabilities2010-07-08
Red Hat
libpng: out-of-bounds memory write2010-06-25

💬Community

3
Bugzilla
CVE-2010-1205 CVE-2010-2249 mingw32-libpng various flaws [fedora-all]2010-06-29
Bugzilla
CVE-2010-1205 CVE-2010-2249 libpng various flaws [fedora-all]2010-06-29
Bugzilla
CVE-2010-1205 libpng: out-of-bounds memory write2010-06-26
CVE-2010-1205 — Classic Buffer Overflow in Libpng | cvebase