CVE-2010-2249

CWE-401: Memory Leak | 10 documents | 8 sources
Severity
6.5 MEDIUM
EPSS
1.6%
top 18.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 30
Latest update: May 13

Description

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (10 packages)

NVD | libpng/libpng | 1.4.0 | 1.4.3 | +1
NVD | apple/tvos | < 4.1.0
NVD | apple/itunes | < 10.2
NVD | apple/safari | < 5.0.4
NVD | vmware/player | 2.5 | 2.5.5 | +1

Also affects: Debian Linux 5.0, Fedora 12, 13, Ubuntu Linux 10.04, 6.06, 8.04, 9.04, 9.10

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-2r3r-854p-xjfr: Memory leak in pngrutil (2022-05-13)
CVEList
CVE-2010-2249: Memory leak in pngrutil (2010-06-30)
OSV
CVE-2010-2249: Memory leak in pngrutil (2010-06-30)

📋 Vendor Advisories (3)

Ubuntu
libpng vulnerabilities (2010-07-08)
Red Hat
libpng: Memory leak when processing Physical Scale (sCAL) images (2010-06-25)
Debian
CVE-2010-2249: tuxonice-userui - Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allow... (2010)

💬 Community (3)

Bugzilla
CVE-2010-1205 CVE-2010-2249 mingw32-libpng various flaws [fedora-all] (2010-06-29)
Bugzilla
CVE-2010-1205 CVE-2010-2249 libpng various flaws [fedora-all] (2010-06-29)
Bugzilla
CVE-2010-2249 libpng: Memory leak when processing Physical Scale (sCAL) images (2010-06-28)