CVE-2010-1205

Publication date 30 June 2010

Last updated 25 August 2025

Ubuntu priority

Medium

Why this priority?

Cvss 3 Severity Score

9.8 · Critical

Score breakdown

Description

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

Status

Package Ubuntu Release Status
chromium-browser 10.04 LTS lucid
Fixed 6.0.472.53~r57914-0ubuntu0.10.04.1
9.10 karmic Not in release
9.04 jaunty Not in release
8.04 LTS hardy Not in release
6.06 LTS dapper Not in release
firefox 10.04 LTS lucid
Fixed 3.6.7+build2+nobinonly-0ubuntu0.10.04.1
9.10 karmic Not in release
9.04 jaunty Not in release
8.04 LTS hardy Ignored end of life
6.06 LTS dapper Ignored end of life
libpng 10.04 LTS lucid
Fixed 1.2.42-1ubuntu2.1
9.10 karmic
Fixed 1.2.37-1ubuntu0.2
9.04 jaunty
Fixed 1.2.27-2ubuntu2.2
8.04 LTS hardy
Fixed 1.2.15~beta5-3ubuntu0.3
6.06 LTS dapper
Fixed 1.2.8rel-5ubuntu0.6
thunderbird 10.04 LTS lucid
Fixed 3.0.6+build2+nobinonly-0ubuntu0.10.04.1
9.10 karmic
Not affected
9.04 jaunty
Not affected
8.10 intrepid
Not affected
8.04 LTS hardy
Not affected
6.06 LTS dapper Not in release
xulrunner-1.9.2 10.04 LTS lucid
Fixed 1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1
9.10 karmic
Fixed 1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2
9.04 jaunty
Fixed 1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2
8.04 LTS hardy
Fixed 1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2
6.06 LTS dapper Not in release

Severity score breakdown

Parameter Value
Base score 9.8 · Critical
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Related Ubuntu Security Notices (USN)

    • USN-957-1
    • Firefox and Xulrunner vulnerabilities
    • 23 July 2010
    • USN-930-4
    • Firefox and Xulrunner vulnerabilities
    • 23 July 2010
    • USN-958-1
    • Thunderbird vulnerabilities
    • 26 July 2010
    • USN-960-1
    • libpng vulnerabilities
    • 8 July 2010

Other references