CVE-2010-2249

CVSS 6.5 - MEDIUM
Description

Memory leak in pngrutil.c in libpng before 1.2.44, and 1.4.x before 1.4.3, allows remote attackers to cause a denial of service (memory consumption and application crash) via a PNG image containing malformed Physical Scale (aka sCAL) chunks.

Affected Products (24)
Vendor Product Version
libpng libpng All versions
libpng libpng All versions
apple itunes All versions
apple safari All versions
apple iphone_os All versions
apple tvos All versions
fedoraproject fedora 12
fedoraproject fedora 13
opensuse opensuse 11.1
opensuse opensuse 11.2
suse linux_enterprise_server 9
suse linux_enterprise_server 10
suse linux_enterprise_server 11
suse linux_enterprise_server 11
vmware player All versions
vmware player All versions
vmware workstation All versions
vmware workstation All versions
canonical ubuntu_linux 6.06
canonical ubuntu_linux 8.04
canonical ubuntu_linux 9.04
canonical ubuntu_linux 9.10
canonical ubuntu_linux 10.04
debian debian_linux 5.0
Weakness Types
CWE-401
CVE Information
CVE ID: CVE-2010-2249
Published: 2010-06-30
Modified: 2026-04-29
CVSS Score: 6.5
Severity: MEDIUM
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Affected Vendors
vmware canonical fedoraproject suse apple libpng debian opensuse