Description
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
CVSS breakdown
CVSS 3.1
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
Affected products
- Apple / iphone_os2.0 – 4.1
- Apple / itunes10.2
- Apple / Safari5.0.4
- Apple / tvOS4.1.0
- Canonical / Ubuntu Linux6.06 – 6.06
- Canonical / Ubuntu Linux9.10 – 9.10
- Canonical / Ubuntu Linux9.04 – 9.04
- Canonical / Ubuntu Linux8.04 – 8.04
- Canonical / Ubuntu Linux10.04 – 10.04
- Debian / debian_linux5.0 – 5.0
- fedoraproject / fedora12 – 12
- fedoraproject / fedora13 – 13
- libpng / libpng1.2.44
- openSUSE / opensuse11.2 – 11.2
- openSUSE / opensuse11.1 – 11.1
- SUSE / linux_enterprise_server11 – 11
- SUSE / linux_enterprise_server9 – 9
- SUSE / linux_enterprise_server10 – 10
- SUSE / linux_enterprise_server11 – 11
- VMware / player2.5 – 2.5.5
- VMware / Workstation6.5.0 – 6.5.5
References
- MISChttp://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20
- VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDVSA-2010:133
- VENDOR_ADVISORYhttp://www.vmware.com/security/advisories/VMSA-2010-0014.html
- MISChttp://www.securityfocus.com/bid/41174
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/1877
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/3045
- MISChttp://www.securitytracker.com/id?1024723
- VENDOR_ADVISORYhttp://support.apple.com/kb/HT4435
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/1837
- VENDOR_ADVISORYhttp://support.apple.com/kb/HT4457
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/1755
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/3046
- VENDOR_ADVISORYhttp://secunia.com/advisories/40472
- VENDOR_ADVISORYhttp://support.apple.com/kb/HT4566
- MISChttps://bugzilla.redhat.com/show_bug.cgi?id=608644
- VENDOR_ADVISORYhttp://secunia.com/advisories/40302
- MAILING_LISThttp://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/40336
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/59816
- VENDOR_ADVISORYhttp://secunia.com/advisories/41574
- VENDOR_ADVISORYhttp://www.ubuntu.com/usn/USN-960-1
- MISChttp://www.libpng.org/pub/png/libpng.html
- MAILING_LISThttp://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
- VENDOR_ADVISORYhttp://secunia.com/advisories/42317
- MAILING_LISThttp://lists.vmware.com/pipermail/security-announce/2010/000105.html
- MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html
- VENDOR_ADVISORYhttp://www.debian.org/security/2010/dsa-2072
- VENDOR_ADVISORYhttp://secunia.com/advisories/40547
- VENDOR_ADVISORYhttp://secunia.com/advisories/42314
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/1637
- VENDOR_ADVISORYhttp://support.apple.com/kb/HT4554
- MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
- MAILING_LISThttp://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
- MISChttp://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061
- MAILING_LISThttp://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html
- VENDOR_ADVISORYhttp://support.apple.com/kb/HT4456
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/2491
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/1846
- MAILING_LISThttp://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2010/1612