{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-03-01T00:00:00", "descriptions": [{"lang": "en", "value": "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"}, {"name": "ADV-2010-0517", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0517"}, {"name": "ADV-2010-0682", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0682"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://support.apple.com/kb/HT4435"}, {"name": "62670", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/62670"}, {"name": "MDVSA-2010:063", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063"}, {"name": "ADV-2010-0605", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0605"}, {"name": "FEDORA-2010-3414", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html"}, {"name": "ADV-2010-0626", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0626"}, {"name": "ADV-2010-0686", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0686"}, {"name": "39251", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39251"}, {"name": "ADV-2010-1107", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/1107"}, {"name": "MDVSA-2010:064", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064"}, {"name": "libpng-pngdecompresschunk-dos(56661)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661"}, {"name": "SUSE-SR:2010:011", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"}, {"name": "USN-913-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://ubuntu.com/usn/usn-913-1"}, {"name": "APPLE-SA-2010-11-10-1", "tags": ["vendor-advisory", "x_refsource_APPLE"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "SUSE-SR:2010:013", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"name": "DSA-2032", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2010/dsa-2032"}, {"name": "41574", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/41574"}, {"name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"}, {"name": "FEDORA-2010-3375", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html"}, {"name": "38774", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/38774"}, {"name": "SUSE-SR:2010:012", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"}, {"name": "ADV-2010-0637", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0637"}, {"name": "VU#576029", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "http://www.kb.cert.org/vuls/id/576029"}, {"name": "FEDORA-2010-4683", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html"}, {"name": "38478", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/38478"}, {"name": "ADV-2010-2491", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/2491"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html"}, {"name": "1023674", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id?1023674"}, {"name": "ADV-2010-0847", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0847"}, {"name": "ADV-2010-0667", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2010/0667"}, {"name": "FEDORA-2010-2988", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://libpng.sourceforge.net/decompression_bombs.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cert@cert.org", "ID": "CVE-2010-0205", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"}, {"name": "ADV-2010-0517", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0517"}, {"name": "ADV-2010-0682", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0682"}, {"name": "http://support.apple.com/kb/HT4435", "refsource": "CONFIRM", "url": "http://support.apple.com/kb/HT4435"}, {"name": "62670", "refsource": "OSVDB", "url": "http://osvdb.org/62670"}, {"name": "MDVSA-2010:063", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063"}, {"name": "ADV-2010-0605", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0605"}, {"name": "FEDORA-2010-3414", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html"}, {"name": "ADV-2010-0626", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0626"}, {"name": "ADV-2010-0686", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0686"}, {"name": "39251", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39251"}, {"name": "ADV-2010-1107", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/1107"}, {"name": "MDVSA-2010:064", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064"}, {"name": "libpng-pngdecompresschunk-dos(56661)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661"}, {"name": "SUSE-SR:2010:011", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"}, {"name": "USN-913-1", "refsource": "UBUNTU", "url": "http://ubuntu.com/usn/usn-913-1"}, {"name": "APPLE-SA-2010-11-10-1", "refsource": "APPLE", "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "SUSE-SR:2010:013", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"name": "DSA-2032", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2010/dsa-2032"}, {"name": "41574", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/41574"}, {"name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "refsource": "MLIST", "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"}, {"name": "FEDORA-2010-3375", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html"}, {"name": "38774", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/38774"}, {"name": "SUSE-SR:2010:012", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"}, {"name": "ADV-2010-0637", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0637"}, {"name": "VU#576029", "refsource": "CERT-VN", "url": "http://www.kb.cert.org/vuls/id/576029"}, {"name": "FEDORA-2010-4683", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html"}, {"name": "38478", "refsource": "BID", "url": "http://www.securityfocus.com/bid/38478"}, {"name": "ADV-2010-2491", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/2491"}, {"name": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html", "refsource": "CONFIRM", "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html"}, {"name": "1023674", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id?1023674"}, {"name": "ADV-2010-0847", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0847"}, {"name": "ADV-2010-0667", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2010/0667"}, {"name": "FEDORA-2010-2988", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html"}, {"name": "http://libpng.sourceforge.net/decompression_bombs.html", "refsource": "CONFIRM", "url": "http://libpng.sourceforge.net/decompression_bombs.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T00:37:54.124Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"}, {"name": "ADV-2010-0517", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0517"}, {"name": "ADV-2010-0682", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0682"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://support.apple.com/kb/HT4435"}, {"name": "62670", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/62670"}, {"name": "MDVSA-2010:063", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063"}, {"name": "ADV-2010-0605", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0605"}, {"name": "FEDORA-2010-3414", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html"}, {"name": "ADV-2010-0626", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0626"}, {"name": "ADV-2010-0686", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0686"}, {"name": "39251", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39251"}, {"name": "ADV-2010-1107", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/1107"}, {"name": "MDVSA-2010:064", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064"}, {"name": "libpng-pngdecompresschunk-dos(56661)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661"}, {"name": "SUSE-SR:2010:011", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"}, {"name": "USN-913-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://ubuntu.com/usn/usn-913-1"}, {"name": "APPLE-SA-2010-11-10-1", "tags": ["vendor-advisory", "x_refsource_APPLE", "x_transferred"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"name": "SUSE-SR:2010:013", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"name": "DSA-2032", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2010/dsa-2032"}, {"name": "41574", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/41574"}, {"name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"}, {"name": "FEDORA-2010-3375", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html"}, {"name": "38774", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/38774"}, {"name": "SUSE-SR:2010:012", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"}, {"name": "ADV-2010-0637", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0637"}, {"name": "VU#576029", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "http://www.kb.cert.org/vuls/id/576029"}, {"name": "FEDORA-2010-4683", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html"}, {"name": "38478", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/38478"}, {"name": "ADV-2010-2491", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/2491"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html"}, {"name": "1023674", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id?1023674"}, {"name": "ADV-2010-0847", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0847"}, {"name": "ADV-2010-0667", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2010/0667"}, {"name": "FEDORA-2010-2988", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://libpng.sourceforge.net/decompression_bombs.html"}]}]}, "cveMetadata": {"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "assignerShortName": "certcc", "cveId": "CVE-2010-0205", "datePublished": "2010-03-03T19:00:00", "dateReserved": "2010-01-06T00:00:00", "dateUpdated": "2024-08-07T00:37:54.124Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "3110AADE-22CC-4BF0-A45B-4884DC412622", "versionEndExcluding": "1.0.53", "versionStartIncluding": "1.0.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "376224B7-C526-4A78-95A4-034BD437E52B", "versionEndExcluding": "1.2.43", "versionStartIncluding": "1.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "matchCriteriaId": "9CE8989E-12D3-4C9E-9BE3-D992533152F3", "versionEndExcluding": "1.4.1", "versionStartIncluding": "1.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "matchCriteriaId": "46E5D24A-8CA0-4590-9F35-F684D573D030", "versionEndExcluding": "10.6.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*", "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7", "vulnerable": true}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack."}, {"lang": "es", "value": "La funci\u00f3n png_decompress_chunk en pngrutil.c en libpng 1.0.x en versiones anteriores a la 1.0.53, 1.2.x en versiones anteriores a la 1.2.43 y1.4.x en versiones anteriores a la 1.4.1 no maneja adecuadamente los datos fragmentados auxiliares comprimidos que tienen una representaci\u00f3n descomprimida desproporcionada, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de la CPU y de la memoria y cuelgue de la aplicaci\u00f3n) mediante un fichero PNG manipulado, como ha quedado demostrado por el uso del m\u00e9todo de decompresi\u00f3n con datos con muchas ocurrencias del mismo caracter, en relaci\u00f3n con un ataque \"decompression bomb\" (bomba de descompresi\u00f3n)."}], "id": "CVE-2010-0205", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-03-03T19:30:00.493", "references": [{"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://libpng.sourceforge.net/decompression_bombs.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"}, {"source": "cret@cert.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"}, {"source": "cret@cert.org", "tags": ["Mailing List"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://osvdb.org/62670"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/38774"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/39251"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/41574"}, {"source": "cret@cert.org", "tags": ["Broken Link"], "url": "http://support.apple.com/kb/HT4435"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://ubuntu.com/usn/usn-913-1"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2010/dsa-2032"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/576029"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064"}, {"source": "cret@cert.org", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/38478"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1023674"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0517"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0605"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0626"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0637"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0667"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0682"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0686"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0847"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1107"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2491"}, {"source": "cret@cert.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://libpng.sourceforge.net/decompression_bombs.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://osvdb.org/62670"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/38774"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/39251"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://secunia.com/advisories/41574"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Broken Link"], "url": "http://support.apple.com/kb/HT4435"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://ubuntu.com/usn/usn-913-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2010/dsa-2032"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "http://www.kb.cert.org/vuls/id/576029"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/38478"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id?1023674"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0517"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0605"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0626"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0637"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0667"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0682"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0686"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/0847"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/1107"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.vupen.com/english/advisories/2010/2491"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661"}], "sourceIdentifier": "cret@cert.org", "vendorComments": [{"comment": "This issue has been addressed in Red Hat Enterprise Linux 3, 4, and 5 via https://rhn.redhat.com/errata/RHSA-2010-0534.html.", "lastModified": "2010-07-14T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-400"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2010:0534", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "libpng-2:1.2.2-30", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2010-07-14T00:00:00Z"}, {"advisory": "RHSA-2010:0534", "cpe": "cpe:/o:redhat:enterprise_linux:3", "package": "libpng10-0:1.0.13-21", "product_name": "Red Hat Enterprise Linux 3", "release_date": "2010-07-14T00:00:00Z"}, {"advisory": "RHSA-2010:0534", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "libpng-2:1.2.7-3.el4_8.3", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2010-07-14T00:00:00Z"}, {"advisory": "RHSA-2010:0534", "cpe": "cpe:/o:redhat:enterprise_linux:4", "package": "libpng10-0:1.0.16-3.el4_8.4", "product_name": "Red Hat Enterprise Linux 4", "release_date": "2010-07-14T00:00:00Z"}, {"advisory": "RHSA-2010:0534", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "libpng-2:1.2.10-7.1.el5_5.3", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2010-07-14T00:00:00Z"}], "bugzilla": {"description": "libpng: excessive memory consumption due to highly compressed huge ancillary chunk", "id": "566234", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=566234"}, "csaw": false, "cvss": {"cvss_base_score": "4.3", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "status": "verified"}, "cwe": "CWE-409->CWE-400", "details": ["The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack."], "name": "CVE-2010-0205", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "libpng", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2010-03-01T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2010-0205\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-0205"], "threat_severity": "Moderate"}

{}