CVSS: 6.5EPSS: 2%CPEs: 24EXPL: 0CVE-2010-2249 – libpng: Memory leak when processing Physical Scale (sCAL) images
https://notcve.org/view.php?id=CVE-2010-2249
Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks. Fuga de memoria en pngrutil.c en libpng anteriores a v1.2.44 y v1.4.x anteriores a v.1.4.3, permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída de aplicación) a través de una imagen que contiene un troceado mal formado del Physical Scale (también conocido como sCAL) • http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html http&# • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 9.8EPSS: 70%CPEs: 31EXPL: 4CVE-2010-1205 – libpng 1.4.2 - Denial of Service
https://notcve.org/view.php?id=CVE-2010-1205
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. Desbordamiento de buffer en el fichero pngpread.c en libpng anteriores a 1.2.44 y 1.4.x anteriroes a 1.4.3, como se utiliza en aplicaciones progresivas, podría permitir a atacantes remotos ejecutar código arbitrario mediante una imagen PNG que desencadena una serie de datos adicionales. • https://www.exploit-db.com/exploits/14422 https://github.com/mk219533/CVE-2010-1205 http://blackberry.com/btsc/KB27244 http://code.google.com/p/chromium/issues/detail?id=45983 http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.apple.com/archives/security-anno • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 6.8EPSS: 1%CPEs: 20EXPL: 0CVE-2010-1321 – krb5: null pointer dereference in GSS-API library leads to DoS (MITKRB5-SA-2010-005)
https://notcve.org/view.php?id=CVE-2010-1321
The kg_accept_krb5 function in krb5/accept_sec_context.c in the GSS-API library in MIT Kerberos 5 (aka krb5) through 1.7.1 and 1.8 before 1.8.2, as used in kadmind and other applications, does not properly check for invalid GSS-API tokens, which allows remote authenticated users to cause a denial of service (NULL pointer dereference and daemon crash) via an AP-REQ message in which the authenticator's checksum field is missing. Vulnerabilidad en la función "kg_accept_krb5" en "krb5/accept_sec_context.c" de la librería GSS-API en MIT Kerberos v5 (también conocido como krb5) a través de v1.7.1 y v1.8 anterior a v1.8.2, como los usados en "kadmind" y otras aplicaciones, no comprueban adecuadamente vales (tokens) GSS-API inválidos, que permiten a usuarios autenticados remotamente causar una denegación de servicio (referencia a puntero nulo y caída del demonio) a través de un mensaje AP-REQ en el cual se pierde el campo "checksum" del usuario autenticado. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02257427 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041615.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041645.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041654.html http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://lists.opensuse.org/opensuse-security-announce • CWE-476: NULL Pointer Dereference •
CVSS: 4.3EPSS: 1%CPEs: 21EXPL: 0CVE-2010-0205 – libpng: excessive memory consumption due to highly compressed huge ancillary chunk
https://notcve.org/view.php?id=CVE-2010-0205
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack. La función png_decompress_chunk en pngrutil.c en libpng 1.0.x en versiones anteriores a la 1.0.53, 1.2.x en versiones anteriores a la 1.2.43 y1.4.x en versiones anteriores a la 1.4.1 no maneja adecuadamente los datos fragmentados auxiliares comprimidos que tienen una representación descomprimida desproporcionada, lo que permite a atacantes remotos provocar una denegación de servicio (consumo de la CPU y de la memoria y cuelgue de la aplicación) mediante un fichero PNG manipulado, como ha quedado demostrado por el uso del método de decompresión con datos con muchas ocurrencias del mismo caracter, en relación con un ataque "decompression bomb" (bomba de descompresión). • http://libpng.sourceforge.net/ADVISORY-1.4.1.html http://libpng.sourceforge.net/decompression_bombs.html http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html http:/ • CWE-400: Uncontrolled Resource Consumption •
CVSS: 7.5EPSS: 7%CPEs: 10EXPL: 1CVE-2010-0013 – Pidgin MSN 2.6.4 - File Download
https://notcve.org/view.php?id=CVE-2010-0013
Directory traversal vulnerability in slp.c in the MSN protocol plugin in libpurple in Pidgin 2.6.4 and Adium 1.3.8 allows remote attackers to read arbitrary files via a .. (dot dot) in an application/x-msnmsgrp2p MSN emoticon (aka custom smiley) request, a related issue to CVE-2004-0122. NOTE: it could be argued that this is resultant from a vulnerability in which an emoticon download request is processed even without a preceding text/x-mms-emoticon message that announced availability of the emoticon. Vulnerabilidad de salto de directorio en slp.c en el complemento del protocolo MSN en libpurple en Pidgin v2.6.4 y Adium v1.3.8 permite a atacantes remotos leer ficheros de su elección a través de un .. (punto punto) en una petición emoticono MSN application/x-msnmsgrp2p (también conocido como emoticono personalizado), un caso relaciona con CVE-2004-0122. • https://www.exploit-db.com/exploits/11203 http://d.pidgin.im/viewmtn/revision/info/3d02401cf232459fc80c0837d31e05fae7ae5467 http://d.pidgin.im/viewmtn/revision/info/4be2df4f72bd8a55cdae7f2554b73342a497c92f http://d.pidgin.im/viewmtn/revision/info/c64a1adc8bda2b4aeaae1f273541afbc4f71b810 http://developer.pidgin.im/viewmtn/revision/diff/3d02401cf232459fc80c0837d31e05fae7ae5467/with/c64a1adc8bda2b4aeaae1f273541afbc4f71b810/libpurple/protocols/msn/slp.c http://events.ccc.de/congress/2009/Fahrplan/events/3596.en.html http://lists.fedoraproject.org/piperma • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •