VulnerableCode Vulnerability Details - VCID-t4vh-sf1x-d3dj

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-t4vh-sf1x-d3dj

Essentials
Severities (2)
References (19)
Severity details (1)
Exploits (1)
EPSS
History (1)

Vulnerability ID	VCID-t4vh-sf1x-d3dj
Aliases	CVE-2010-1205
Summary	OUSPG researcher Aki Helin reported a buffer overflow in Mozilla graphics code which consumes image data processed by libpng. A malformed PNG file could be created which would cause libpng to incorrectly report the size of the image to downstream consumers. When the dimensions of such images are underreported, the Mozilla code responsible for displaying the graphic will allocate too small a memory buffer to contain the image data and will wind up writing data past the end of the buffer. This could result in the execution of attacker-controlled memory.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-120	Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.14816	https://api.first.org/data/v1/epss?cve=CVE-2010-1205
generic_textual	critical	https://www.mozilla.org/en-US/security/advisories/mfsa2010-41

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-1205.json
		https://api.first.org/data/v1/epss?cve=CVE-2010-1205
608238		https://bugzilla.redhat.com/show_bug.cgi?id=608238
CVE-2010-1205		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205
CVE-2010-1205	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/14422.c
CVE-2010-1205		https://nvd.nist.gov/vuln/detail/CVE-2010-1205
GLSA-201010-01		https://security.gentoo.org/glsa/201010-01
GLSA-201301-01		https://security.gentoo.org/glsa/201301-01
GLSA-201412-08		https://security.gentoo.org/glsa/201412-08
GLSA-201412-11		https://security.gentoo.org/glsa/201412-11
mfsa2010-41		https://www.mozilla.org/en-US/security/advisories/mfsa2010-41
RHSA-2010:0534		https://access.redhat.com/errata/RHSA-2010:0534
RHSA-2010:0545		https://access.redhat.com/errata/RHSA-2010:0545
RHSA-2010:0546		https://access.redhat.com/errata/RHSA-2010:0546
RHSA-2010:0547		https://access.redhat.com/errata/RHSA-2010:0547
USN-930-4		https://usn.ubuntu.com/930-4/
USN-957-1		https://usn.ubuntu.com/957-1/
USN-958-1		https://usn.ubuntu.com/958-1/
USN-960-1		https://usn.ubuntu.com/960-1/

Data source	Exploit-DB
Date added	July 20, 2010
Description	libpng 1.4.2 - Denial of Service
Ransomware campaign use	Known
Source publication date	July 20, 2010
Exploit type	dos
Platform	multiple
Source update date	July 20, 2010

Exploit Prediction Scoring System (EPSS)

Percentile	0.94616
EPSS Score	0.14816
Published At	May 29, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-05-29T08:27:13.016996+00:00	Mozilla Importer	Import	https://github.com/mozilla/foundation-security-advisories/blob/master/announce/2010/mfsa2010-41.md	38.6.0