PublicDateAtUSN: 2010-06-30
Candidate: CVE-2010-1205
PublicDate: 2010-06-30 18:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1205
 http://www.libpng.org/pub/png/libpng.html
 http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html
 https://ubuntu.com/security/notices/USN-960-1
 https://ubuntu.com/security/notices/USN-930-4
 https://ubuntu.com/security/notices/USN-957-1
 https://ubuntu.com/security/notices/USN-958-1
Description:
 Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
Ubuntu-Description:
Notes:
Bugs:
 https://bugzilla.redhat.com/show_bug.cgi?id=608238
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]

Patches_libpng:
upstream_libpng: released (1.2.44,1.4.3)
dapper_libpng: released (1.2.8rel-5ubuntu0.6)
hardy_libpng: released (1.2.15~beta5-3ubuntu0.3)
jaunty_libpng: released (1.2.27-2ubuntu2.2)
karmic_libpng: released (1.2.37-1ubuntu0.2)
lucid_libpng: released (1.2.42-1ubuntu2.1)
devel_libpng: not-affected (1.2.44-1)

Patches_firefox:
upstream_firefox: needs-triage
dapper_firefox: ignored (uses system libpng)
hardy_firefox: ignored (uses system libpng)
jaunty_firefox: DNE
karmic_firefox: DNE
lucid_firefox: released (3.6.7+build2+nobinonly-0ubuntu0.10.04.1)
devel_firefox: released (3.6.7+build2+nobinonly-0ubuntu1)

Patches_chromium-browser:
upstream_chromium-browser: released (5.0.375.99)
dapper_chromium-browser: DNE
hardy_chromium-browser: DNE
jaunty_chromium-browser: DNE
karmic_chromium-browser: DNE
lucid_chromium-browser: released (6.0.472.53~r57914-0ubuntu0.10.04.1)
devel_chromium-browser: not-affected (5.0.375.99~r51029-0ubuntu1)

Patches_xulrunner-1.9.2:
upstream_xulrunner-1.9.2: needs-triage
dapper_xulrunner-1.9.2: DNE
hardy_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu0.8.04.2)
jaunty_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu0.9.04.2)
karmic_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu0.9.10.2)
lucid_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu0.10.04.1)
devel_xulrunner-1.9.2: released (1.9.2.7+build2+nobinonly-0ubuntu1)

Patches_thunderbird:
upstream_thunderbird: released (3.0.6)
dapper_thunderbird: DNE
hardy_thunderbird: not-affected
intrepid_thunderbird: not-affected
jaunty_thunderbird: not-affected
karmic_thunderbird: not-affected
lucid_thunderbird: released (3.0.6+build2+nobinonly-0ubuntu0.10.04.1)
devel_thunderbird: not-affected (3.0.6+build2+nobinonly-0ubuntu1)