Critical severity9.8NVD Advisory· Published Jun 30, 2010· Updated Apr 29, 2026

CVE-2010-1205

Description

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

Affected products

Apple Inc./iTunes
cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
Range: <10.2
Apple Inc./Safari
cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
Range: <5.0.4
Google/Chrome
cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
Range: <5.0.375.99
Libpng/Libpng
cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
Range: <1.2.44
Mozilla Corporation/Firefox
cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*
Range: <3.5.11
Mozilla Corporation/Seamonkey
cpe:2.3:a:mozilla:seamonkey:*:*:*:*:*:*:*:*
Range: <2.0.6
Mozilla Corporation/Thunderbird
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Range: <3.0.6
VMware/Player
cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
Range: >=2.5,<2.5.5
VMware/Workstation
cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
Range: >=6.5.0,<6.5.5
Apple Inc./Iphone Os
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
Range: >=2.0,<=4.1
Apple Inc./Mac Os X
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
Range: >=10.6.0,<10.6.4
Apple Inc./Mac Os X Server
cpe:2.3:o:apple:mac_os_x_server:*:*:*:*:*:*:*:*
Range: >=10.6.0,<10.6.4
Canonical (company)/Ubuntu Linux5 versions
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 4 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
Fedoraproject/Fedora2 versions
cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
OpenSUSE/openSUSE2 versions
cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
SUSE S.A./Linux Enterprise Server4 versions
cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.vmware.com/pipermail/security-announce/2010/000105.htmlnvdMailing ListPatchThird Party Advisory
slackware.com/security/viewer.phpnvdMailing ListPatchThird Party Advisory
trac.webkit.org/changeset/61816nvdPatchThird Party Advisory
www.vmware.com/security/advisories/VMSA-2010-0014.htmlnvdPatchThird Party Advisory
bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party Advisory
code.google.com/p/chromium/issues/detailnvdExploitIssue TrackingMailing ListThird Party Advisory
bugzilla.mozilla.org/show_bug.cginvdExploitIssue TrackingThird Party Advisory
googlechromereleases.blogspot.com/2010/07/stable-channel-update.htmlnvdRelease NotesThird Party Advisory
lists.apple.com/archives/security-announce/2010//Aug/msg00003.htmlnvdMailing ListThird Party Advisory
lists.apple.com/archives/security-announce/2010//Nov/msg00000.htmlnvdMailing ListThird Party Advisory
lists.apple.com/archives/security-announce/2010//Nov/msg00003.htmlnvdMailing ListThird Party Advisory
lists.apple.com/archives/security-announce/2011//Mar/msg00004.htmlnvdMailing ListThird Party Advisory
lists.apple.com/archives/security-announce/2011/Mar/msg00000.htmlnvdMailing ListThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.htmlnvdMailing ListThird Party Advisory
lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.htmlnvdMailing ListThird Party Advisory
lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.htmlnvdMailing ListThird Party Advisory
support.apple.com/kb/HT4312nvdThird Party Advisory
support.apple.com/kb/HT4456nvdThird Party Advisory
support.apple.com/kb/HT4457nvdThird Party Advisory
support.apple.com/kb/HT4554nvdThird Party Advisory
www.debian.org/security/2010/dsa-2072nvdThird Party Advisory
www.libpng.org/pub/png/libpng.htmlnvdProductVendor Advisory
www.mozilla.org/security/announce/2010/mfsa2010-41.htmlnvdThird Party Advisory
www.securityfocus.com/bid/41174nvdThird Party AdvisoryVDB Entry
www.ubuntu.com/usn/USN-960-1nvdThird Party Advisory
bugs.webkit.org/show_bug.cginvdPermissions RequiredThird Party Advisory
exchange.xforce.ibmcloud.com/vulnerabilities/59815nvdThird Party AdvisoryVDB Entry
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851nvdThird Party Advisory
blackberry.com/btsc/KB27244nvdBroken Link
secunia.com/advisories/40302nvdBroken Link
secunia.com/advisories/40336nvdBroken Link
secunia.com/advisories/40472nvdBroken Link
secunia.com/advisories/40547nvdBroken Link
secunia.com/advisories/41574nvdBroken Link
secunia.com/advisories/42314nvdBroken Link
secunia.com/advisories/42317nvdBroken Link
support.apple.com/kb/HT4435nvdBroken Link
support.apple.com/kb/HT4566nvdBroken Link
www.mandriva.com/security/advisoriesnvdBroken Link
www.vupen.com/english/advisories/2010/1612nvdBroken Link
www.vupen.com/english/advisories/2010/1637nvdBroken Link
www.vupen.com/english/advisories/2010/1755nvdBroken Link
www.vupen.com/english/advisories/2010/1837nvdBroken Link
www.vupen.com/english/advisories/2010/1846nvdBroken Link
www.vupen.com/english/advisories/2010/1877nvdBroken Link
www.vupen.com/english/advisories/2010/2491nvdBroken Link
www.vupen.com/english/advisories/2010/3045nvdBroken Link
www.vupen.com/english/advisories/2010/3046nvdBroken Link
libpng.git.sourceforge.net/git/gitweb.cginvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.012
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000