CVE-2010-2249: Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and…

CVE-2010-0205 [LOW] VMware Workstation, Player, and ACE address several security issues. VMSA-2010-0014: VMware Workstation, Player, and ACE address several security issues. a. VMware Workstation and Player installer security issue The Workstation 7.x and Player 3.x installers will load an index.htm file located in the current working directory on which Workstation 7.x or Player 3.x is being installed. This may allow an attacker to display a malicious file if they manage to get their file onto the system prior to installation. The issue can only be exploited at the time that Workstation 7.x or Player 3.x is being installed. Installed versions of Workstation and Player are not affected. The security issue is no longer present in the installer of the new versions of Workstation 7.x and Player 3.x (see table below for the version numbers). The Common Vulnerabilities and Exposure

CVE-2010-2249 [CRITICAL] libpng vulnerabilities Title: libpng vulnerabilities It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2010-1205) It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service. (CVE-2010-2249) Instructions: After a standard system update you need to reboot your computer to make all the necessary changes.

CVE-2010-2249 [MEDIUM] CWE-401 libpng: Memory leak when processing Physical Scale (sCAL) images libpng: Memory leak when processing Physical Scale (sCAL) images Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. Package: libpng (Red Hat Enterprise Linux 6) - Not affected

CVE-2010-2249 [MEDIUM] CVE-2010-2249: tuxonice-userui - Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allow... Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. Scope: local bookworm: resolved (fixed in 1.0-1) bullseye: resolved (fixed in 1.0-1)

CVE-2010-2249 [MEDIUM] CWE-401 GHSA-2r3r-854p-xjfr: Memory leak in pngrutil Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

CVE-2010-2249 [MEDIUM] CVE-2010-2249: Memory leak in pngrutil Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

CVE-2010-1205 [CRITICAL] CVE-2010-1205 CVE-2010-2249 mingw32-libpng various flaws [fedora-all] CVE-2010-1205 CVE-2010-2249 mingw32-libpng various flaws [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions. For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field. Forr more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product. Please mention CVE ids in the RPM changelog when available. Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=608644 Please note: this issue affects multiple sup

CVE-2010-1205 [CRITICAL] CVE-2010-1205 CVE-2010-2249 libpng various flaws [fedora-all] CVE-2010-1205 CVE-2010-2249 libpng various flaws [fedora-all] This is an automatically created tracking bug! It was created to ensure that one or more security vulnerabilities are fixed in affected Fedora versions. For comments that are specific to the vulnerability please use bugs filed against "Security Response" product referenced in the "Blocks" field. Forr more information see: http://fedoraproject.org/wiki/Security/TrackingBugs When creating a Bodhi update request, please include the bug IDs of the respective parent bugs filed against the "Security Response" product. Please mention CVE ids in the RPM changelog when available. Bodhi update submission link: https://admin.fedoraproject.org/updates/new/?type_=security&bugs=608644 Please note: this issue affects multiple supported v

CVE-2010-2249 [MEDIUM] CVE-2010-2249 libpng: Memory leak when processing Physical Scale (sCAL) images CVE-2010-2249 libpng: Memory leak when processing Physical Scale (sCAL) images A memory leak was found in the way libpng processed malformed Portable Network Graphics (PNG) images with Physical Scale (sCAL) extension. A remote attacker could create a specially-crafted PNG image and trick the local user into opening it in an application, using the libpng library, leading to denial of service (relevant libpng-based application crash). References: [1] http://www.libpng.org/pub/png/libpng.html CVE Request: [2] http://www.openwall.com/lists/oss-security/2010/06/28/2 Discussion: This issue affects the versions of the libpng package, as shipped with Red Hat Enteprise Linux 3, 4, and 5. This issue affects the versions of the libpng package, as shipped with Fedora release of 12 and 13. ---

One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware One Bad Apple Spoils the Barrel: Understanding the Security Risks Introduced by Third-Party Components in IoT Firmware ## Abstract Currently, the development of IoT firmware heavily depends on third-party components (TPCs) to improve development efficiency. Nevertheless, TPCs are not secure, and the vulnerabilities in TPCs will influence the security of IoT firmware. Existing works pay less attention to the vulnerabilities caused by TPCs, and we still lack a comprehensive understanding of the security impact of TPC vulnerability against firmware. To fill in the knowledge gap, we design and implement , which leverages syntactical features and control-flow graph features to detect the TPCs in firmware, and then recognizes the corresponding vulnerabilities. Based on , we present the first l