CVE-2010-0205

{"id": "CVE-2010-0205", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2010-03-03T19:30:00.493", "references": [{"url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://libpng.sourceforge.net/decompression_bombs.html", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "tags": ["Mailing List"], "source": "cret@cert.org"}, {"url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://osvdb.org/62670", "tags": ["Broken Link"], "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/38774", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/39251", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://secunia.com/advisories/41574", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://support.apple.com/kb/HT4435", "tags": ["Broken Link"], "source": "cret@cert.org"}, {"url": "http://ubuntu.com/usn/usn-913-1", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.debian.org/security/2010/dsa-2032", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.kb.cert.org/vuls/id/576029", "tags": ["Third Party Advisory", "US Government Resource"], "source": "cret@cert.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.securityfocus.com/bid/38478", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "source": "cret@cert.org"}, {"url": "http://www.securitytracker.com/id?1023674", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cret@cert.org"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0517", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0605", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0626", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0637", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0667", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0682", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0686", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/0847", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/1107", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "http://www.vupen.com/english/advisories/2010/2491", "tags": ["Third Party Advisory"], "source": "cret@cert.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661", "tags": ["Third Party Advisory", "VDB Entry"], "source": "cret@cert.org"}, {"url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://libpng.sourceforge.net/decompression_bombs.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html", "tags": ["Mailing List", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html", "tags": ["Mailing List"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://osvdb.org/62670", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/38774", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/39251", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/41574", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://support.apple.com/kb/HT4435", "tags": ["Broken Link"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://ubuntu.com/usn/usn-913-1", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.debian.org/security/2010/dsa-2032", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.kb.cert.org/vuls/id/576029", "tags": ["Third Party Advisory", "US Government Resource"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/38478", "tags": ["Patch", "Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securitytracker.com/id?1023674", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0517", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0605", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0626", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0637", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0667", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0682", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0686", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/0847", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/1107", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2010/2491", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-400"}]}], "descriptions": [{"lang": "en", "value": "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack."}, {"lang": "es", "value": "La funci\u00f3n png_decompress_chunk en pngrutil.c en libpng 1.0.x en versiones anteriores a la 1.0.53, 1.2.x en versiones anteriores a la 1.2.43 y1.4.x en versiones anteriores a la 1.4.1 no maneja adecuadamente los datos fragmentados auxiliares comprimidos que tienen una representaci\u00f3n descomprimida desproporcionada, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de la CPU y de la memoria y cuelgue de la aplicaci\u00f3n) mediante un fichero PNG manipulado, como ha quedado demostrado por el uso del m\u00e9todo de decompresi\u00f3n con datos con muchas ocurrencias del mismo caracter, en relaci\u00f3n con un ataque \"decompression bomb\" (bomba de descompresi\u00f3n)."}], "lastModified": "2025-04-11T00:51:21.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3110AADE-22CC-4BF0-A45B-4884DC412622", "versionEndExcluding": "1.0.53", "versionStartIncluding": "1.0.0"}, {"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "376224B7-C526-4A78-95A4-034BD437E52B", "versionEndExcluding": "1.2.43", "versionStartIncluding": "1.2.0"}, {"criteria": "cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CE8989E-12D3-4C9E-9BE3-D992533152F3", "versionEndExcluding": "1.4.1", "versionStartIncluding": "1.4.0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46E5D24A-8CA0-4590-9F35-F684D573D030", "versionEndExcluding": "10.6.5"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3BB5EDB-520B-4DEF-B06E-65CA13152824"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E44669D7-6C1E-4844-B78A-73E253A7CC17"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2D59BD0-43DE-4E58-A057-640AB98359A6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1B42AB65-443B-4655-BAEA-4EB4A43D9509"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883"}, {"criteria": "cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CD2D897-E321-4CED-92E0-11A98B52053C"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "25CBACD3-AFB7-410D-927F-0C1FF477D396"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F13F07CC-739B-465C-9184-0E9D708BD4C7"}, {"criteria": "cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE26596F-F10E-44EF-88CA-0080646E91B9"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "7EBFE35C-E243-43D1-883D-4398D71763CC"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4747CC68-FAF4-482F-929A-9DA6C24CB663"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A5D026D0-EF78-438D-BEDD-FC8571F3ACEB"}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2BCB73E-27BB-4878-AD9C-90C4F20C25A0"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C757774-08E7-40AA-B532-6F705C8F7639"}, {"criteria": "cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "036E8A89-7A16-411F-9D31-676313BB7244"}], "operator": "OR"}]}], "vendorComments": [{"comment": "This issue has been addressed in Red Hat Enterprise Linux 3, 4, and 5 via https://rhn.redhat.com/errata/RHSA-2010-0534.html.", "lastModified": "2010-07-14T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "cret@cert.org"}