CVE-2010-0205

Priority
Medium
Description
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before
1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly
handle compressed ancillary-chunk data that has a disproportionately large
uncompressed representation, which allows remote attackers to cause a
denial of service (memory and CPU consumption, and application hang) via a
crafted PNG file, as demonstrated by use of the deflate compression method
on data composed of many occurrences of the same character, related to a
"decompression bomb" attack.
References
Bugs
Package
Upstream:released (1.4.1)
Ubuntu 8.04 LTS (Hardy Heron):released (1.2.15~beta5-3ubuntu0.2)
Ubuntu 10.04 LTS (Lucid Lynx):released (1.2.42-1ubuntu2)
Patches:
Upstream:http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=a2cde53c878054847a57c2c793febcaf78f823e0#patch3
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (uses system libpng)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected (3.6.3+nobinonly-0ubuntu2)
More Information

Valid XHTML 1.0 Strict

Updated: 2012-06-01 15:20:38 UTC (commit 5347)