CVE-2010-0205
Vulnerability from cvelistv5
Published
2010-03-03 19:00
Modified
2024-08-07 00:37
Severity ?
Summary
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
References
cret@cert.orghttp://libpng.sourceforge.net/ADVISORY-1.4.1.htmlThird Party Advisory
cret@cert.orghttp://libpng.sourceforge.net/decompression_bombs.htmlThird Party Advisory
cret@cert.orghttp://lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlMailing List, Third Party Advisory
cret@cert.orghttp://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.htmlThird Party Advisory
cret@cert.orghttp://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.htmlThird Party Advisory
cret@cert.orghttp://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.htmlThird Party Advisory
cret@cert.orghttp://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.htmlThird Party Advisory
cret@cert.orghttp://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.htmlMailing List, Third Party Advisory
cret@cert.orghttp://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.htmlMailing List, Third Party Advisory
cret@cert.orghttp://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.htmlMailing List
cret@cert.orghttp://lists.vmware.com/pipermail/security-announce/2010/000105.htmlThird Party Advisory
cret@cert.orghttp://osvdb.org/62670Broken Link
cret@cert.orghttp://secunia.com/advisories/38774Third Party Advisory
cret@cert.orghttp://secunia.com/advisories/39251Third Party Advisory
cret@cert.orghttp://secunia.com/advisories/41574Third Party Advisory
cret@cert.orghttp://support.apple.com/kb/HT4435Broken Link
cret@cert.orghttp://ubuntu.com/usn/usn-913-1Third Party Advisory
cret@cert.orghttp://www.debian.org/security/2010/dsa-2032Third Party Advisory
cret@cert.orghttp://www.kb.cert.org/vuls/id/576029Third Party Advisory, US Government Resource
cret@cert.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2010:063Third Party Advisory
cret@cert.orghttp://www.mandriva.com/security/advisories?name=MDVSA-2010:064Third Party Advisory
cret@cert.orghttp://www.securityfocus.com/bid/38478Patch, Third Party Advisory, VDB Entry
cret@cert.orghttp://www.securitytracker.com/id?1023674Third Party Advisory, VDB Entry
cret@cert.orghttp://www.vmware.com/security/advisories/VMSA-2010-0014.htmlThird Party Advisory
cret@cert.orghttp://www.vupen.com/english/advisories/2010/0517Third Party Advisory
cret@cert.orghttp://www.vupen.com/english/advisories/2010/0605Third Party Advisory
cret@cert.orghttp://www.vupen.com/english/advisories/2010/0626Third Party Advisory
cret@cert.orghttp://www.vupen.com/english/advisories/2010/0637Third Party Advisory
cret@cert.orghttp://www.vupen.com/english/advisories/2010/0667Third Party Advisory
cret@cert.orghttp://www.vupen.com/english/advisories/2010/0682Third Party Advisory
cret@cert.orghttp://www.vupen.com/english/advisories/2010/0686Third Party Advisory
cret@cert.orghttp://www.vupen.com/english/advisories/2010/0847Third Party Advisory
cret@cert.orghttp://www.vupen.com/english/advisories/2010/1107Third Party Advisory
cret@cert.orghttp://www.vupen.com/english/advisories/2010/2491Third Party Advisory
cret@cert.orghttps://exchange.xforce.ibmcloud.com/vulnerabilities/56661Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://libpng.sourceforge.net/ADVISORY-1.4.1.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://libpng.sourceforge.net/decompression_bombs.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.htmlMailing List
af854a3a-2127-422b-91ae-364da2661108http://lists.vmware.com/pipermail/security-announce/2010/000105.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/62670Broken Link
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/38774Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/39251Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/41574Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://support.apple.com/kb/HT4435Broken Link
af854a3a-2127-422b-91ae-364da2661108http://ubuntu.com/usn/usn-913-1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2010/dsa-2032Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/576029Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:063Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2010:064Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/38478Patch, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1023674Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.vmware.com/security/advisories/VMSA-2010-0014.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0517Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0605Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0626Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0637Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0667Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0682Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0686Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/0847Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/1107Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.vupen.com/english/advisories/2010/2491Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/56661Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T00:37:54.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"
          },
          {
            "name": "ADV-2010-0517",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0517"
          },
          {
            "name": "ADV-2010-0682",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0682"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT4435"
          },
          {
            "name": "62670",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/62670"
          },
          {
            "name": "MDVSA-2010:063",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063"
          },
          {
            "name": "ADV-2010-0605",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0605"
          },
          {
            "name": "FEDORA-2010-3414",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html"
          },
          {
            "name": "ADV-2010-0626",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0626"
          },
          {
            "name": "ADV-2010-0686",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0686"
          },
          {
            "name": "39251",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/39251"
          },
          {
            "name": "ADV-2010-1107",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/1107"
          },
          {
            "name": "MDVSA-2010:064",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064"
          },
          {
            "name": "libpng-pngdecompresschunk-dos(56661)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661"
          },
          {
            "name": "SUSE-SR:2010:011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
          },
          {
            "name": "USN-913-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://ubuntu.com/usn/usn-913-1"
          },
          {
            "name": "APPLE-SA-2010-11-10-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
          },
          {
            "name": "SUSE-SR:2010:013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
          },
          {
            "name": "DSA-2032",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2010/dsa-2032"
          },
          {
            "name": "41574",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/41574"
          },
          {
            "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"
          },
          {
            "name": "FEDORA-2010-3375",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html"
          },
          {
            "name": "38774",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/38774"
          },
          {
            "name": "SUSE-SR:2010:012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
          },
          {
            "name": "ADV-2010-0637",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0637"
          },
          {
            "name": "VU#576029",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/576029"
          },
          {
            "name": "FEDORA-2010-4683",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html"
          },
          {
            "name": "38478",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/38478"
          },
          {
            "name": "ADV-2010-2491",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/2491"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html"
          },
          {
            "name": "1023674",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1023674"
          },
          {
            "name": "ADV-2010-0847",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0847"
          },
          {
            "name": "ADV-2010-0667",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2010/0667"
          },
          {
            "name": "FEDORA-2010-2988",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://libpng.sourceforge.net/decompression_bombs.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-03-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-16T14:57:01",
        "orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
        "shortName": "certcc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"
        },
        {
          "name": "ADV-2010-0517",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0517"
        },
        {
          "name": "ADV-2010-0682",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0682"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT4435"
        },
        {
          "name": "62670",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/62670"
        },
        {
          "name": "MDVSA-2010:063",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063"
        },
        {
          "name": "ADV-2010-0605",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0605"
        },
        {
          "name": "FEDORA-2010-3414",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html"
        },
        {
          "name": "ADV-2010-0626",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0626"
        },
        {
          "name": "ADV-2010-0686",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0686"
        },
        {
          "name": "39251",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/39251"
        },
        {
          "name": "ADV-2010-1107",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/1107"
        },
        {
          "name": "MDVSA-2010:064",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064"
        },
        {
          "name": "libpng-pngdecompresschunk-dos(56661)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661"
        },
        {
          "name": "SUSE-SR:2010:011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
        },
        {
          "name": "USN-913-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://ubuntu.com/usn/usn-913-1"
        },
        {
          "name": "APPLE-SA-2010-11-10-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
        },
        {
          "name": "SUSE-SR:2010:013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
        },
        {
          "name": "DSA-2032",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2010/dsa-2032"
        },
        {
          "name": "41574",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/41574"
        },
        {
          "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"
        },
        {
          "name": "FEDORA-2010-3375",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html"
        },
        {
          "name": "38774",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/38774"
        },
        {
          "name": "SUSE-SR:2010:012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
        },
        {
          "name": "ADV-2010-0637",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0637"
        },
        {
          "name": "VU#576029",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/576029"
        },
        {
          "name": "FEDORA-2010-4683",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html"
        },
        {
          "name": "38478",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/38478"
        },
        {
          "name": "ADV-2010-2491",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/2491"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html"
        },
        {
          "name": "1023674",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1023674"
        },
        {
          "name": "ADV-2010-0847",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0847"
        },
        {
          "name": "ADV-2010-0667",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2010/0667"
        },
        {
          "name": "FEDORA-2010-2988",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://libpng.sourceforge.net/decompression_bombs.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cert@cert.org",
          "ID": "CVE-2010-0205",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \"decompression bomb\" attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html",
              "refsource": "CONFIRM",
              "url": "http://www.vmware.com/security/advisories/VMSA-2010-0014.html"
            },
            {
              "name": "ADV-2010-0517",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0517"
            },
            {
              "name": "ADV-2010-0682",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0682"
            },
            {
              "name": "http://support.apple.com/kb/HT4435",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT4435"
            },
            {
              "name": "62670",
              "refsource": "OSVDB",
              "url": "http://osvdb.org/62670"
            },
            {
              "name": "MDVSA-2010:063",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:063"
            },
            {
              "name": "ADV-2010-0605",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0605"
            },
            {
              "name": "FEDORA-2010-3414",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html"
            },
            {
              "name": "ADV-2010-0626",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0626"
            },
            {
              "name": "ADV-2010-0686",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0686"
            },
            {
              "name": "39251",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/39251"
            },
            {
              "name": "ADV-2010-1107",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/1107"
            },
            {
              "name": "MDVSA-2010:064",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2010:064"
            },
            {
              "name": "libpng-pngdecompresschunk-dos(56661)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/56661"
            },
            {
              "name": "SUSE-SR:2010:011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html"
            },
            {
              "name": "USN-913-1",
              "refsource": "UBUNTU",
              "url": "http://ubuntu.com/usn/usn-913-1"
            },
            {
              "name": "APPLE-SA-2010-11-10-1",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html"
            },
            {
              "name": "SUSE-SR:2010:013",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html"
            },
            {
              "name": "DSA-2032",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2010/dsa-2032"
            },
            {
              "name": "41574",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/41574"
            },
            {
              "name": "[security-announce] 20100923 VMSA-2010-0014 VMware Workstation, Player, and ACE address several security issues",
              "refsource": "MLIST",
              "url": "http://lists.vmware.com/pipermail/security-announce/2010/000105.html"
            },
            {
              "name": "FEDORA-2010-3375",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html"
            },
            {
              "name": "38774",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/38774"
            },
            {
              "name": "SUSE-SR:2010:012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html"
            },
            {
              "name": "ADV-2010-0637",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0637"
            },
            {
              "name": "VU#576029",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/576029"
            },
            {
              "name": "FEDORA-2010-4683",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html"
            },
            {
              "name": "38478",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/38478"
            },
            {
              "name": "ADV-2010-2491",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/2491"
            },
            {
              "name": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html",
              "refsource": "CONFIRM",
              "url": "http://libpng.sourceforge.net/ADVISORY-1.4.1.html"
            },
            {
              "name": "1023674",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1023674"
            },
            {
              "name": "ADV-2010-0847",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0847"
            },
            {
              "name": "ADV-2010-0667",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2010/0667"
            },
            {
              "name": "FEDORA-2010-2988",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html"
            },
            {
              "name": "http://libpng.sourceforge.net/decompression_bombs.html",
              "refsource": "CONFIRM",
              "url": "http://libpng.sourceforge.net/decompression_bombs.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
    "assignerShortName": "certcc",
    "cveId": "CVE-2010-0205",
    "datePublished": "2010-03-03T19:00:00",
    "dateReserved": "2010-01-06T00:00:00",
    "dateUpdated": "2024-08-07T00:37:54.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2010-0205\",\"sourceIdentifier\":\"cret@cert.org\",\"published\":\"2010-03-03T19:30:00.493\",\"lastModified\":\"2024-11-21T01:11:45.570\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a \\\"decompression bomb\\\" attack.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n png_decompress_chunk en pngrutil.c en libpng 1.0.x en versiones anteriores a la 1.0.53, 1.2.x en versiones anteriores a la 1.2.43 y1.4.x en versiones anteriores a la 1.4.1 no maneja adecuadamente los datos fragmentados auxiliares comprimidos que tienen una representaci\u00f3n descomprimida desproporcionada, lo que permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de la CPU y de la memoria y cuelgue de la aplicaci\u00f3n) mediante un fichero PNG manipulado, como ha quedado demostrado por el uso del m\u00e9todo de decompresi\u00f3n con datos con muchas ocurrencias del mismo caracter, en relaci\u00f3n con un ataque \\\"decompression bomb\\\" (bomba de descompresi\u00f3n).\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:N/A:P\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.0.0\",\"versionEndExcluding\":\"1.0.53\",\"matchCriteriaId\":\"3110AADE-22CC-4BF0-A45B-4884DC412622\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.2.0\",\"versionEndExcluding\":\"1.2.43\",\"matchCriteriaId\":\"376224B7-C526-4A78-95A4-034BD437E52B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.4.0\",\"versionEndExcluding\":\"1.4.1\",\"matchCriteriaId\":\"9CE8989E-12D3-4C9E-9BE3-D992533152F3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.6.5\",\"matchCriteriaId\":\"46E5D24A-8CA0-4590-9F35-F684D573D030\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3BB5EDB-520B-4DEF-B06E-65CA13152824\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E44669D7-6C1E-4844-B78A-73E253A7CC17\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2D59BD0-43DE-4E58-A057-640AB98359A6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B42AB65-443B-4655-BAEA-4EB4A43D9509\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBF7B6A8-3DF9-46EC-A90E-6EF68C39F883\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A01C8B7E-EB19-40EA-B1D2-9AE5EA536C95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4CD2D897-E321-4CED-92E0-11A98B52053C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*\",\"matchCriteriaId\":\"25CBACD3-AFB7-410D-927F-0C1FF477D396\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"F13F07CC-739B-465C-9184-0E9D708BD4C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE26596F-F10E-44EF-88CA-0080646E91B9\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"454A5D17-B171-4F1F-9E0B-F18D1E5CA9FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*\",\"matchCriteriaId\":\"7EBFE35C-E243-43D1-883D-4398D71763CC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4747CC68-FAF4-482F-929A-9DA6C24CB663\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A5D026D0-EF78-438D-BEDD-FC8571F3ACEB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A2BCB73E-27BB-4878-AD9C-90C4F20C25A0\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C757774-08E7-40AA-B532-6F705C8F7639\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"036E8A89-7A16-411F-9D31-676313BB7244\"}]}]}],\"references\":[{\"url\":\"http://libpng.sourceforge.net/ADVISORY-1.4.1.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://libpng.sourceforge.net/decompression_bombs.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2010/000105.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/62670\",\"source\":\"cret@cert.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/38774\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/39251\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/41574\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4435\",\"source\":\"cret@cert.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://ubuntu.com/usn/usn-913-1\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2010/dsa-2032\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/576029\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:063\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:064\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/38478\",\"source\":\"cret@cert.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1023674\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2010-0014.html\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0517\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0605\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0626\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0637\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0667\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0682\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0686\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0847\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1107\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/2491\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/56661\",\"source\":\"cret@cert.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://libpng.sourceforge.net/ADVISORY-1.4.1.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://libpng.sourceforge.net/decompression_bombs.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://lists.vmware.com/pipermail/security-announce/2010/000105.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://osvdb.org/62670\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://secunia.com/advisories/38774\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/39251\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://secunia.com/advisories/41574\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://support.apple.com/kb/HT4435\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://ubuntu.com/usn/usn-913-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2010/dsa-2032\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.kb.cert.org/vuls/id/576029\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:063\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2010:064\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/38478\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.securitytracker.com/id?1023674\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://www.vmware.com/security/advisories/VMSA-2010-0014.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0517\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0605\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0626\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0637\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0667\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0682\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0686\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/0847\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/1107\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.vupen.com/english/advisories/2010/2491\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/56661\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"This issue has been addressed in Red Hat Enterprise Linux 3, 4, and 5 via https://rhn.redhat.com/errata/RHSA-2010-0534.html.\",\"lastModified\":\"2010-07-14T00:00:00\"}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.