Search for vulnerabilities
Vulnerability details: VCID-mfxw-xnvp-aaac
Vulnerability ID VCID-mfxw-xnvp-aaac
Aliases CVE-2010-0205
Summary Uncontrolled Resource Consumption The png_decompress_chunk function in pngrutil.c in libpng does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (4)
CWE-400 Uncontrolled Resource Consumption
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-409 Improper Handling of Highly Compressed Data (Data Amplification)
System Score Found at
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
generic_textual MODERATE http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
rhas Important https://access.redhat.com/errata/RHSA-2010:0534
epss 0.01260 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.01260 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.01260 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.01260 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.01260 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.01260 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.01260 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.01260 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.01260 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.01260 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.01260 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.01260 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.01554 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.01554 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.01554 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.01554 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.08131 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
epss 0.17313 https://api.first.org/data/v1/epss?cve=CVE-2010-0205
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=566234
cvssv2 4.3 https://nvd.nist.gov/vuln/detail/CVE-2010-0205
generic_textual MODERATE http://www.vupen.com/english/advisories/2010/1107
Reference id Reference type URL
http://libpng.sourceforge.net/ADVISORY-1.4.1.html
http://libpng.sourceforge.net/decompression_bombs.html
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037237.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037355.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037364.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-March/037607.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
http://osvdb.org/62670
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2010-0205.json
https://api.first.org/data/v1/epss?cve=CVE-2010-0205
http://secunia.com/advisories/38774
http://secunia.com/advisories/39251
http://secunia.com/advisories/41574
https://exchange.xforce.ibmcloud.com/vulnerabilities/56661
http://support.apple.com/kb/HT4435
http://ubuntu.com/usn/usn-913-1
http://www.debian.org/security/2010/dsa-2032
http://www.kb.cert.org/vuls/id/576029
http://www.mandriva.com/security/advisories?name=MDVSA-2010:063
http://www.mandriva.com/security/advisories?name=MDVSA-2010:064
http://www.securityfocus.com/bid/38478
http://www.securitytracker.com/id?1023674
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
http://www.vupen.com/english/advisories/2010/0517
http://www.vupen.com/english/advisories/2010/0605
http://www.vupen.com/english/advisories/2010/0626
http://www.vupen.com/english/advisories/2010/0637
http://www.vupen.com/english/advisories/2010/0667
http://www.vupen.com/english/advisories/2010/0682
http://www.vupen.com/english/advisories/2010/0686
http://www.vupen.com/english/advisories/2010/0847
http://www.vupen.com/english/advisories/2010/1107
http://www.vupen.com/english/advisories/2010/2491
566234 https://bugzilla.redhat.com/show_bug.cgi?id=566234
cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:11:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.0:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*
CVE-2010-0205 https://nvd.nist.gov/vuln/detail/CVE-2010-0205
GLSA-201010-01 https://security.gentoo.org/glsa/201010-01
RHSA-2010:0534 https://access.redhat.com/errata/RHSA-2010:0534
USN-913-1 https://usn.ubuntu.com/913-1/
No exploits are available.
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2010-0205
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Exploit Prediction Scoring System (EPSS)
Percentile 0.86006
EPSS Score 0.01260
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.