CVE-2010-2249

Published: 30 June 2010

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

Priority

Medium

CVSS 3 base score: 6.5

Status

Package Release Status
chromium-browser
Launchpad, Ubuntu, Debian
dapper Does not exist
hardy Does not exist
jaunty Does not exist
karmic Does not exist
lucid Ignored (uses system libpng)
maverick Ignored (uses system libpng)
upstream Needs triage

firefox
Launchpad, Ubuntu, Debian
dapper Ignored (uses system libpng)
hardy Ignored (uses system libpng)
jaunty Does not exist
karmic Does not exist
lucid Ignored (uses system libpng)
maverick Ignored (uses system libpng)
upstream Needs triage

libpng
Launchpad, Ubuntu, Debian
dapper Released (1.2.8rel-5ubuntu0.6)
hardy Released (1.2.15~beta5-3ubuntu0.3)
jaunty Released (1.2.27-2ubuntu2.2)
karmic Released (1.2.37-1ubuntu0.2)
lucid Released (1.2.42-1ubuntu2.1)
maverick Not vulnerable (1.2.44-1)
upstream Released (1.2.44, 1.4.3)
Patches:
upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20