CVE-2010-2249

libpng: Memory leak when processing Physical Scale (sCAL) images

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

Fuga de memoria en pngrutil.c en libpng anteriores a v1.2.44 y v1.4.x anteriores a v.1.4.3, permite a atacantes remotos causar una denegación de servicio (consumo de memoria y caída de aplicación) a través de una imagen que contiene un troceado mal formado del Physical Scale (también conocido como sCAL)

It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. It was discovered that libpng did not properly handle certain malformed PNG images. If a user or automated system were tricked into processing a crafted PNG image, an attacker could possibly use this flaw to consume all available resources, resulting in a denial of service.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2010-06-09 CVE Reserved
2010-06-30 CVE Published
2024-08-07 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-401: Missing Release of Memory after Effective Lifetime

CAPEC

References (41)

URL	Tag	Source
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=90cfcecc09febb8d6c8c1d37ea7bb7cf0f4b00f3#patch20	X_refsource_confirm
http://lists.vmware.com/pipermail/security-announce/2010/000105.html	Mailing List
http://secunia.com/advisories/40302	Broken Link
http://secunia.com/advisories/40336	Broken Link
http://secunia.com/advisories/40472	Broken Link
http://secunia.com/advisories/40547	Broken Link
http://secunia.com/advisories/41574	Broken Link
http://secunia.com/advisories/42314	Broken Link
http://secunia.com/advisories/42317	Broken Link
http://support.apple.com/kb/HT4435	Broken Link
http://support.apple.com/kb/HT4456	Third Party Advisory
http://support.apple.com/kb/HT4457	Third Party Advisory
http://support.apple.com/kb/HT4554	Third Party Advisory
http://support.apple.com/kb/HT4566	Broken Link
http://www.securitytracker.com/id?1024723	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0014.html	Third Party Advisory
http://www.vupen.com/english/advisories/2010/1612	Broken Link
http://www.vupen.com/english/advisories/2010/1637	Broken Link
http://www.vupen.com/english/advisories/2010/1755	Broken Link
http://www.vupen.com/english/advisories/2010/1837	Broken Link
http://www.vupen.com/english/advisories/2010/1846	Broken Link
http://www.vupen.com/english/advisories/2010/1877	Broken Link
http://www.vupen.com/english/advisories/2010/2491	Broken Link
http://www.vupen.com/english/advisories/2010/3045	Broken Link
http://www.vupen.com/english/advisories/2010/3046	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/59816	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061	2023-02-13
http://www.securityfocus.com/bid/41174	2023-02-13
https://bugzilla.redhat.com/show_bug.cgi?id=608644	2010-07-14

URL	Date	SRC
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html	2023-02-13
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html	2023-02-13
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html	2023-02-13
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html	2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html	2023-02-13
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html	2023-02-13
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html	2023-02-13
http://www.debian.org/security/2010/dsa-2072	2023-02-13
http://www.libpng.org/pub/png/libpng.html	2023-02-13
http://www.mandriva.com/security/advisories?name=MDVSA-2010:133	2023-02-13
http://www.ubuntu.com/usn/USN-960-1	2023-02-13
https://access.redhat.com/security/cve/CVE-2010-2249	2010-07-14

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Libpng Search vendor "Libpng"		Libpng Search vendor "Libpng" for product "Libpng"				< 1.2.44 Search vendor "Libpng" for product "Libpng" and version " < 1.2.44"		-		Affected
Libpng Search vendor "Libpng"		Libpng Search vendor "Libpng" for product "Libpng"				>= 1.4.0 < 1.4.3 Search vendor "Libpng" for product "Libpng" and version " >= 1.4.0 < 1.4.3"		-		Affected
Apple Search vendor "Apple"		Itunes Search vendor "Apple" for product "Itunes"				< 10.2 Search vendor "Apple" for product "Itunes" and version " < 10.2"		-		Affected
Apple Search vendor "Apple"		Safari Search vendor "Apple" for product "Safari"				< 5.0.4 Search vendor "Apple" for product "Safari" and version " < 5.0.4"		-		Affected
Apple Search vendor "Apple"		Iphone Os Search vendor "Apple" for product "Iphone Os"				>= 2.0 <= 4.1 Search vendor "Apple" for product "Iphone Os" and version " >= 2.0 <= 4.1"		-		Affected
Apple Search vendor "Apple"		Tvos Search vendor "Apple" for product "Tvos"				< 4.1.0 Search vendor "Apple" for product "Tvos" and version " < 4.1.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				12 Search vendor "Fedoraproject" for product "Fedora" and version "12"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				13 Search vendor "Fedoraproject" for product "Fedora" and version "13"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				11.1 Search vendor "Opensuse" for product "Opensuse" and version "11.1"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				11.2 Search vendor "Opensuse" for product "Opensuse" and version "11.2"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				9 Search vendor "Suse" for product "Linux Enterprise Server" and version "9"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				10 Search vendor "Suse" for product "Linux Enterprise Server" and version "10"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		sp1		Affected
Vmware Search vendor "Vmware"		Player Search vendor "Vmware" for product "Player"				>= 2.5 < 2.5.5 Search vendor "Vmware" for product "Player" and version " >= 2.5 < 2.5.5"		-		Affected
Vmware Search vendor "Vmware"		Player Search vendor "Vmware" for product "Player"				>= 3.1 < 3.1.2 Search vendor "Vmware" for product "Player" and version " >= 3.1 < 3.1.2"		-		Affected
Vmware Search vendor "Vmware"		Workstation Search vendor "Vmware" for product "Workstation"				>= 6.5.0 < 6.5.5 Search vendor "Vmware" for product "Workstation" and version " >= 6.5.0 < 6.5.5"		-		Affected
Vmware Search vendor "Vmware"		Workstation Search vendor "Vmware" for product "Workstation"				>= 7.1 < 7.1.2 Search vendor "Vmware" for product "Workstation" and version " >= 7.1 < 7.1.2"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				6.06 Search vendor "Canonical" for product "Ubuntu Linux" and version "6.06"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				8.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "8.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				9.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				9.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "9.10"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				10.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "10.04"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				5.0 Search vendor "Debian" for product "Debian Linux" and version "5.0"		-		Affected