CVE-2010-1205

9.8 CRITICAL
Published: June 30, 2010
Modified: April 29, 2026

Description

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

CVSS v3.x Details

Vector String
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References to Advisories, Solutions, and Tools

http://blackberry.com/btsc/KB27244
Source: cve@mitre.org
Broken Link
http://code.google.com/p/chromium/issues/detail?id=45983
Source: cve@mitre.org
Exploit Issue Tracking Mailing List Third Party Advisory
http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html
Source: cve@mitre.org
Release Notes Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
Source: cve@mitre.org
Mailing List Third Party Advisory
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
Source: cve@mitre.org
Mailing List Patch Third Party Advisory
http://secunia.com/advisories/40302
Source: cve@mitre.org
Broken Link
http://secunia.com/advisories/40336
Source: cve@mitre.org
Broken Link
http://secunia.com/advisories/40472
Source: cve@mitre.org
Broken Link
http://secunia.com/advisories/40547
Source: cve@mitre.org
Broken Link
http://secunia.com/advisories/41574
Source: cve@mitre.org
Broken Link
http://secunia.com/advisories/42314
Source: cve@mitre.org
Broken Link
http://secunia.com/advisories/42317
Source: cve@mitre.org
Broken Link
http://support.apple.com/kb/HT4312
Source: cve@mitre.org
Third Party Advisory
http://support.apple.com/kb/HT4435
Source: cve@mitre.org
Broken Link
http://support.apple.com/kb/HT4456
Source: cve@mitre.org
Third Party Advisory
http://support.apple.com/kb/HT4457
Source: cve@mitre.org
Third Party Advisory
http://support.apple.com/kb/HT4554
Source: cve@mitre.org
Third Party Advisory
http://support.apple.com/kb/HT4566
Source: cve@mitre.org
Broken Link
http://trac.webkit.org/changeset/61816
Source: cve@mitre.org
Patch Third Party Advisory
http://www.debian.org/security/2010/dsa-2072
Source: cve@mitre.org
Third Party Advisory
http://www.libpng.org/pub/png/libpng.html
Source: cve@mitre.org
Product Vendor Advisory
http://www.mozilla.org/security/announce/2010/mfsa2010-41.html
Source: cve@mitre.org
Third Party Advisory
http://www.securityfocus.com/bid/41174
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-960-1
Source: cve@mitre.org
Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
Source: cve@mitre.org
Patch Third Party Advisory
http://www.vupen.com/english/advisories/2010/1612
Source: cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2010/1637
Source: cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2010/1755
Source: cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2010/1837
Source: cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2010/1846
Source: cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2010/1877
Source: cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2010/2491
Source: cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2010/3045
Source: cve@mitre.org
Broken Link
http://www.vupen.com/english/advisories/2010/3046
Source: cve@mitre.org
Broken Link
https://bugs.webkit.org/show_bug.cgi?id=40798
Source: cve@mitre.org
Permissions Required Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=570451
Source: cve@mitre.org
Exploit Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=608238
Source: cve@mitre.org
Issue Tracking Patch Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/59815
Source: cve@mitre.org
Third Party Advisory VDB Entry
http://blackberry.com/btsc/KB27244
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://code.google.com/p/chromium/issues/detail?id=45983
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Issue Tracking Mailing List Third Party Advisory
http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html
Source: af854a3a-2127-422b-91ae-364da2661108
Release Notes Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Third Party Advisory
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Patch Third Party Advisory
http://secunia.com/advisories/40302
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/40336
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/40472
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/40547
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/41574
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/42314
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://secunia.com/advisories/42317
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing List Patch Third Party Advisory
http://support.apple.com/kb/HT4312
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.apple.com/kb/HT4435
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://support.apple.com/kb/HT4456
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.apple.com/kb/HT4457
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.apple.com/kb/HT4554
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://support.apple.com/kb/HT4566
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://trac.webkit.org/changeset/61816
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory
http://www.debian.org/security/2010/dsa-2072
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.libpng.org/pub/png/libpng.html
Source: af854a3a-2127-422b-91ae-364da2661108
Product Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2010:133
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.mozilla.org/security/announce/2010/mfsa2010-41.html
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.securityfocus.com/bid/41174
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-960-1
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
Source: af854a3a-2127-422b-91ae-364da2661108
Patch Third Party Advisory
http://www.vupen.com/english/advisories/2010/1612
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2010/1637
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2010/1755
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2010/1837
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2010/1846
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2010/1877
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2010/2491
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2010/3045
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
http://www.vupen.com/english/advisories/2010/3046
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
https://bugs.webkit.org/show_bug.cgi?id=40798
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required Third Party Advisory
https://bugzilla.mozilla.org/show_bug.cgi?id=570451
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=608238
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking Patch Third Party Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/59815
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

98 reference(s) from NVD

Quick Stats

CVSS v3 Score
9.8 / 10.0
EPSS (Exploit Probability)
15.2%
95th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

Affected Vendors

libpng, suse, canonical, vmware, debian, fedoraproject, google, apple, mozilla, opensuse