Package details: pkg:rpm/redhat/libpng@2:1.2.10-7.1.el5_5?arch=3
purl pkg:rpm/redhat/libpng@2:1.2.10-7.1.el5_5?arch=3
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 10.0
Vulnerabilities affecting this package (4)
Vulnerability: VCID-1j6j-upj4-37hk
Aliases: CVE-2009-2042
Summary: A vulnerability has been discovered in libpng that allows for information disclosure.
Fixed by: There are no reported fixed by versions.

Vulnerability: VCID-d5tt-4fbc-m7ar
Aliases: CVE-2010-0205
Summary: Uncontrolled Resource Consumption: The png_decompress_chunk function in pngrutil.c in libpng does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
Fixed by: There are no reported fixed by versions.

Vulnerability: VCID-dtf8-3v7n-yydn
Aliases: CVE-2010-1205
Summary: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow'): Buffer overflow in pngpread.c in libpng, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
Fixed by: There are no reported fixed by versions.

Vulnerability: VCID-s9ps-uutg-r7cf
Aliases: CVE-2010-2249
Summary: Missing Release of Memory after Effective Lifetime: Memory leak in pngrutil.c in libpng allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.
Fixed by: There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-04-01T14:58:14.179282+00:00 | RedHat Importer | Affected by | VCID-1j6j-upj4-37hk | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-2042.json | 38.0.0 |
| 2026-04-01T14:57:23.405067+00:00 | RedHat Importer | Affected by | VCID-d5tt-4fbc-m7ar | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0205.json | 38.0.0 |
| 2026-04-01T14:57:10.755340+00:00 | RedHat Importer | Affected by | VCID-s9ps-uutg-r7cf | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-2249.json | 38.0.0 |
| 2026-04-01T14:57:10.680787+00:00 | RedHat Importer | Affected by | VCID-dtf8-3v7n-yydn | https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1205.json | 38.0.0 |