{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/2143?format=json","vulnerability_id":"VCID-b757-b3zk-c7d8","summary":"OUSPG researcher Aki Helin reported a buffer\noverflow in Mozilla graphics code which consumes image data processed\nby libpng.  A malformed PNG file could be created which would cause\nlibpng to incorrectly report the size of the image to downstream\nconsumers.  When the dimensions of such images are underreported, the\nMozilla code responsible for displaying the graphic will allocate too\nsmall a memory buffer to contain the image data and will wind up\nwriting data past the end of the buffer.  This could result in the\nexecution of attacker-controlled memory.","aliases":[{"alias":"CVE-2010-1205"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6317?format=json","purl":"pkg:deb/debian/tuxonice-userui@1.1-1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tuxonice-userui@1.1-1"},{"url":"http://public2.vulnerablecode.io/api/packages/973?format=json","purl":"pkg:mozilla/Firefox@3.5.11","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.5.11"},{"url":"http://public2.vulnerablecode.io/api/packages/972?format=json","purl":"pkg:mozilla/Firefox@3.6.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Firefox@3.6.7"},{"url":"http://public2.vulnerablecode.io/api/packages/974?format=json","purl":"pkg:mozilla/SeaMonkey@2.0.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/SeaMonkey@2.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/996?format=json","purl":"pkg:mozilla/Thunderbird@3.0.6","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/980?format=json","purl":"pkg:mozilla/Thunderbird@3.1.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:mozilla/Thunderbird@3.1.1"},{"url":"http://public2.vulnerablecode.io/api/packages/51165?format=json","purl":"pkg:nuget/libpng@1.5.10.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.5.10.9"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/6316?format=json","purl":"pkg:deb/debian/tuxonice-userui@0.7.2%2Bclean-4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b757-b3zk-c7d8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/tuxonice-userui@0.7.2%252Bclean-4"},{"url":"http://public2.vulnerablecode.io/api/packages/51164?format=json","purl":"pkg:nuget/libpng@1.4.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-24gs-g6rh-v7gh"},{"vulnerability":"VCID-4se8-jgv9-f3cb"},{"vulnerability":"VCID-8t7j-kq5w-3kd3"},{"vulnerability":"VCID-97n4-usr2-m3b1"},{"vulnerability":"VCID-b757-b3zk-c7d8"},{"vulnerability":"VCID-m97q-c2fu-7kd9"},{"vulnerability":"VCID-nyc6-h81f-rqav"},{"vulnerability":"VCID-p2gz-v2eb-n3bs"},{"vulnerability":"VCID-rcb6-uwnn-1ffn"},{"vulnerability":"VCID-wvz9-9g5m-k3cn"},{"vulnerability":"VCID-y21n-ekwz-ayep"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:nuget/libpng@1.4.0"}],"references":[{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205","reference_id":"CVE-2010-1205","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2010-1205","reference_id":"CVE-2010-1205","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2010-1205"},{"reference_url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-41","reference_id":"mfsa2010-41","reference_type":"","scores":[{"value":"critical","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://www.mozilla.org/en-US/security/advisories/mfsa2010-41"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":120,"name":"Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')","description":"The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":"9.0 - 10.0","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-b757-b3zk-c7d8"}