Vulnerability & Exploit Database

Back to search

RHSA-2010:0534: libpng security update

Severity CVSS Published Added Modified
8 (AV:N/AC:L/Au:N/C:N/I:N/A:C) March 02, 2010 July 15, 2010 July 03, 2017

Description

The libpng packages contain a library of functions for creating andmanipulating PNG (Portable Network Graphics) image format files.A memory corruption flaw was found in the way applications, using thelibpng library and its progressive reading method, decoded certain PNGimages. An attacker could create a specially-crafted PNG image that, whenopened, could cause an application using libpng to crash or, potentially,execute arbitrary code with the privileges of the user running theapplication. (CVE-2010-1205)A denial of service flaw was found in the way applications using the libpnglibrary decoded PNG images that have certain, highly compressed ancillarychunks. An attacker could create a specially-crafted PNG image that couldcause an application using libpng to consume excessive amounts of memoryand CPU time, and possibly crash. (CVE-2010-0205)A memory leak flaw was found in the way applications using the libpnglibrary decoded PNG images that use the Physical Scale (sCAL) extension. Anattacker could create a specially-crafted PNG image that could cause anapplication using libpng to exhaust all available memory and possibly crashor exit. (CVE-2010-2249)A sensitive information disclosure flaw was found in the way applicationsusing the libpng library processed 1-bit interlaced PNG images. An attackercould create a specially-crafted PNG image that could cause an applicationusing libpng to disclose uninitialized memory. (CVE-2009-2042)Users of libpng and libpng10 should upgrade to these updated packages,which contain backported patches to correct these issues. All runningapplications using libpng or libpng10 must be restarted for the update totake effect.

Free Nexpose Download

Discover, prioritize, and remediate security risks today!

 Download now

References

Solution

redhat-upgrade-libpng

Related Vulnerabilities