CVE-2010-1205

CVE Database · CVE-2010-1205

CVE-2010-1205

· CRITICALModified

CVSS v3.1

9.8

EPSS

43.38%

Published

Jun 30, 2010

Modified

Apr 28, 2026

Public PoC / Exploit (2)

All weaponized →

Exploit-DBlibpng 1.4.2 - Denial of Service TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-120

Affected Products (31)

libpng · libpng (up to 1.2.44)vulnerable

libpng · libpng (up to 1.4.3)vulnerable

google · chrome (up to 5.0.375.99)vulnerable

apple · itunes (up to 10.2)vulnerable

apple · safari (up to 5.0.4)vulnerable

apple · iphone_osvulnerable

apple · mac_os_x (up to 10.6.4)vulnerable

apple · mac_os_x_server (up to 10.6.4)vulnerable

fedoraproject · fedora

References (20)

http://blackberry.com/btsc/KB27244

Broken Link

http://code.google.com/p/chromium/issues/detail?id=45983

ExploitIssue TrackingMailing List

http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html

Release NotesThird Party Advisory

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18

http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html

Mailing ListThird Party Advisory

http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

KEV Catalog EPSS Scores Vendors All CVEs