CVE-2010-0205
Description
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
OS impact
Debian Affected 2 releases
| Version | Status | Fixed in |
|---|---|---|
| 6.0 | Affected | โ |
| 5.0 | Affected | โ |
Fedora Affected 3 releases
| Version | Status | Fixed in |
|---|---|---|
| 13 | Affected | โ |
| 12 | Affected | โ |
| 11 | Affected | โ |
macOS Affected 1 release
| Version | Status | Fixed in |
|---|---|---|
| โ | Affected | 10.6.5 |
SUSE Affected 6 releases
| Version | Status | Fixed in |
|---|---|---|
| 11.2 | Affected | โ |
| 11.1 | Affected | โ |
| 11.0 | Affected | โ |
| 11 | Affected | โ |
| 10 | Affected | โ |
| 9 | Affected | โ |
Ubuntu Affected 5 releases
| Version | Status | Fixed in |
|---|---|---|
| 9.10 | Affected | โ |
| 9.04 | Affected | โ |
| 8.10 | Affected | โ |
| 8.04 | Affected | โ |
| 6.06 | Affected | โ |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| libpng | libpng | {"startIncluding":"1.0.0","endExcluding":"1.0.53"} | 1.0.53 |
References
- http://libpng.sourceforge.net/ADVISORY-1.4.1.html
- http://libpng.sourceforge.net/decompression_bombs.html
- http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html
- http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html
- http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
- http://lists.vmware.com/pipermail/security-announce/2010/000105.html
- http://osvdb.org/62670
- http://secunia.com/advisories/38774
- http://secunia.com/advisories/39251
- http://secunia.com/advisories/41574
- http://support.apple.com/kb/HT4435
- http://ubuntu.com/usn/usn-913-1
- http://www.debian.org/security/2010/dsa-2032
- http://www.kb.cert.org/vuls/id/576029
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:063
- http://www.mandriva.com/security/advisories?name=MDVSA-2010:064
- http://www.securityfocus.com/bid/38478
- http://www.securitytracker.com/id?1023674
- http://www.vmware.com/security/advisories/VMSA-2010-0014.html
- http://www.vupen.com/english/advisories/2010/0517
CWEs
CWE-400
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.