CVE-2010-2249 — MEDIUM (6.5)

Q: How severe is CVE-2010-2249?

CVE-2010-2249 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2010-2249?

Check the references section above for vendor advisories and patch information. Affected products include: Libpng Libpng, Apple Itunes, Apple Safari, Apple Iphone Os, Apple Tvos.

Vulnerability Description

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Libpng	Libpng	< 1.2.44
Apple	Itunes	< 10.2
Apple	Safari	< 5.0.4
Apple	Iphone Os	>= 2.0, <= 4.1
Apple	Tvos	< 4.1.0
Fedoraproject	Fedora	12
Opensuse	Opensuse	11.1
Suse	Linux Enterprise Server	9
Vmware	Player	>= 2.5, < 2.5.5
Vmware	Workstation	>= 6.5.0, < 6.5.5
Canonical	Ubuntu Linux	6.06
Debian	Debian Linux	5.0

Related Weaknesses (CWE)

CWE-401

References

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.htmlMailing ListThird Party Advisory
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.htmlMailing ListThird Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.htmlMailing ListThird Party Advisory
http://lists.vmware.com/pipermail/security-announce/2010/000105.htmlMailing ListThird Party Advisory
http://secunia.com/advisories/40302Broken Link
http://secunia.com/advisories/40336Broken Link
http://secunia.com/advisories/40472Broken Link
http://secunia.com/advisories/40547Broken Link
http://secunia.com/advisories/41574Broken Link
http://secunia.com/advisories/42314Broken Link

FAQ

What is CVE-2010-2249?

CVE-2010-2249 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing ma...

How severe is CVE-2010-2249?

CVE-2010-2249 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2010-2249?

Check the references section above for vendor advisories and patch information. Affected products include: Libpng Libpng, Apple Itunes, Apple Safari, Apple Iphone Os, Apple Tvos.