VYPR
Get started
← All advisories
Medium severity6.5NVD Advisory· Published Jun 30, 2010· Updated Apr 29, 2026

CVE-2010-2249

CVE-2010-2249

Description

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

Affected products

21
  • Apple Inc./iTunes
    cpe:2.3:a:apple:itunes:*:*:*:*:*:*:*:*
    Range: <10.2
  • Apple Inc./Safari
    cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
    Range: <5.0.4
  • Libpng/Libpng
    cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
    Range: <1.2.44
  • VMware/Player
    cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
    Range: >=2.5,<2.5.5
  • VMware/Workstation
    cpe:2.3:a:vmware:workstation:*:*:*:*:*:*:*:*
    Range: >=6.5.0,<6.5.5
  • Apple Inc./Iphone Os
    cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
    Range: >=2.0,<=4.1
  • Apple Inc./tvOS
    cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
    Range: <4.1.0
  • Canonical (company)/Ubuntu Linux5 versions
    cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 4 more
    • cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
    • cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
  • Debian/Debian Linux
    cpe:2.3:o:debian:debian_linux:5.0:*:*:*:*:*:*:*
  • Fedoraproject/Fedora2 versions
    cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*
  • OpenSUSE/openSUSE2 versions
    cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:o:opensuse:opensuse:11.1:*:*:*:*:*:*:*
    • cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
  • SUSE S.A./Linux Enterprise Server4 versions
    cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*+ 3 more
    • cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:11:-:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:*:*:*:*
    • cpe:2.3:o:suse:linux_enterprise_server:9:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

40

News mentions

0

No linked articles in our index yet.