Launchpad.net

CVE 2010-0205

The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a "decompression bomb" attack.

Related bugs and status

CVE-2010-0205 (Candidate) is related to these bugs:

Bug #533140: CVE-2010-0205 libpng stalls and consumes large quantities of memory while processing certain PNG files

Summary				In	Importance	Status
	533140	CVE-2010-0205 libpng stalls and consumes large quantities of memory while processing certain PNG files		libpng (Ubuntu)	Medium	Fix Released
	533140	CVE-2010-0205 libpng stalls and consumes large quantities of memory while processing certain PNG files		libpng (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://libpng.sourcefo...
CONFIRM: http://libpng.sourcefo...
CERT-VN: VU#576029
BID: 38478
FEDORA: FEDORA-2010-2988
FEDORA: FEDORA-2010-3375
FEDORA: FEDORA-2010-3414
UBUNTU: USN-913-1
VUPEN: ADV-2010-0605
VUPEN: ADV-2010-0637
VUPEN: ADV-2010-0626
SECUNIA: 38774
VUPEN: ADV-2010-0517
DEBIAN: DSA-2032
OSVDB: 62670
SECTRACK: 1023674
SECUNIA: 39251
VUPEN: ADV-2010-0847
FEDORA: FEDORA-2010-4683
MANDRIVA: MDVSA-2010:063
MANDRIVA: MDVSA-2010:064
VUPEN: ADV-2010-0667
VUPEN: ADV-2010-0682
VUPEN: ADV-2010-0686
SUSE: SUSE-SR:2010:011
VUPEN: ADV-2010-1107
SUSE: SUSE-SR:2010:012
SUSE: SUSE-SR:2010:013
MLIST: [security-announce] 20...
CONFIRM: http://www.vmware.com/...
SECUNIA: 41574
VUPEN: ADV-2010-2491
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2010-11-10-1
XF: libpng-pngdecompressch...