CVE-2010-0205
Published: 3 March 2010
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
Priority
Status
Package | Release | Status |
---|---|---|
firefox Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
libpng Launchpad, Ubuntu, Debian |
dapper |
Released
(1.2.8rel-5ubuntu0.5)
|
hardy |
Released
(1.2.15~beta5-3ubuntu0.2)
|
|
intrepid |
Released
(1.2.27-1ubuntu0.2)
|
|
jaunty |
Released
(1.2.27-2ubuntu2.1)
|
|
karmic |
Released
(1.2.37-1ubuntu0.1)
|
|
upstream |
Released
(1.4.1)
|
|
Patches: upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=a2cde53c878054847a57c2c793febcaf78f823e0#patch3 |