PublicDateAtUSN: 2010-03-03
Candidate: CVE-2010-0205
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0205
https://usn.ubuntu.com/usn/usn-913-1
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before
1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly
handle compressed ancillary-chunk data that has a disproportionately large
uncompressed representation, which allows remote attackers to cause a
denial of service (memory and CPU consumption, and application hang) via a
crafted PNG file, as demonstrated by use of the deflate compression method
on data composed of many occurrences of the same character, related to a
"decompression bomb" attack.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572308
https://bugs.launchpad.net/ubuntu/+source/libpng/+bug/533140
upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=a2cde53c878054847a57c2c793febcaf78f823e0#patch3
upstream_libpng: released (1.4.1)
dapper_libpng: released (1.2.8rel-5ubuntu0.5)
hardy_libpng: released (1.2.15~beta5-3ubuntu0.2)
intrepid_libpng: released (1.2.27-1ubuntu0.2)
jaunty_libpng: released (1.2.27-2ubuntu2.1)
karmic_libpng: released (1.2.37-1ubuntu0.1)
devel_libpng: released (1.2.42-1ubuntu2)
upstream_firefox: needs-triage
dapper_firefox: ignored (reached end-of-life)
hardy_firefox: ignored (uses system libpng)
devel_firefox: not-affected (3.6.3+nobinonly-0ubuntu2)