Exploitation Summary
EIP tracks 2 public exploits for CVE-2010-1205. PoCs published by kripthor, mk219533.
AI-analyzed exploit summary This exploit generates a malformed PNG file that triggers a denial-of-service (DoS) condition in libpng versions <= 1.4.2 by manipulating the image height field to cause a buffer overflow. The PoC constructs a PNG with mismatched height values in the header and data, leading to a crash in applications using the vulnerable library.
Description
Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by kripthor · cdosmultiple
https://www.exploit-db.com/exploits/14422
This exploit generates a malformed PNG file that triggers a denial-of-service (DoS) condition in libpng versions <= 1.4.2 by manipulating the image height field to cause a buffer overflow. The PoC constructs a PNG with mismatched height values in the header and data, leading to a crash in applications using the vulnerable library.
Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target:
libpng <= 1.4.2 (and applications using it, e.g., Firefox <= 3.6.6, Thunderbird <= 3.0.4)
No auth needed
Prerequisites:
Ability to deliver a malformed PNG file to the target application
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
nomisec
WORKING POC
4 stars
by mk219533 · poc
https://github.com/mk219533/CVE-2010-1205
This repository contains a functional exploit for CVE-2010-1205, a heap overflow vulnerability in libpng <= 1.4.2. The exploit generates a malformed PNG file that triggers a segmentation fault when processed by vulnerable software.
Classification
Working Poc 95%
Attack Type
Dos
Complexity
Moderate
Reliability
Reliable
Target:
libpng <= 1.4.2
No auth needed
Prerequisites:
Vulnerable version of libpng (<= 1.4.2) · Ability to deliver malformed PNG file to target
MITRE ATT&CK
devstral-2 · analyzed Feb 18, 2026
Full analysis →
References (49)
Core 49
Core References
Broken Link vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2010:133
Patch, Third Party Advisory x_refsource_confirm
http://www.vmware.com/security/advisories/VMSA-2010-0014.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/41174
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1877
Release Notes, Third Party Advisory x_refsource_confirm
http://googlechromereleases.blogspot.com/2010/07/stable-channel-update.html
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3045
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/59815
Broken Link x_refsource_confirm
http://support.apple.com/kb/HT4435
Third Party Advisory x_refsource_confirm
http://www.mozilla.org/security/announce/2010/mfsa2010-41.html
Third Party Advisory vdb-entry
signature
x_refsource_oval
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1837
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.mozilla.org/show_bug.cgi?id=570451
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT4457
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1755
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/3046
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40472
Broken Link x_refsource_confirm
http://support.apple.com/kb/HT4566
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40302
Mailing List, Third Party Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40336
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/41574
Third Party Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-960-1
Broken Link x_refsource_confirm
http://blackberry.com/btsc/KB27244
Product, Vendor Advisory x_refsource_confirm
http://www.libpng.org/pub/png/libpng.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2011/Mar/msg00000.html
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42317
Mailing List, Patch, Third Party Advisory mailing-list
x_refsource_mlist
http://lists.vmware.com/pipermail/security-announce/2010/000105.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2010/dsa-2072
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT4312
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/40547
Broken Link third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/42314
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1637
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT4554
Mailing List, Third Party Advisory vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2011//Mar/msg00004.html
Mailing List, Patch, Third Party Advisory vendor-advisory
x_refsource_slackware
http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html
Permissions Required, Third Party Advisory x_refsource_confirm
https://bugs.webkit.org/show_bug.cgi?id=40798
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT4456
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/2491
Patch, Third Party Advisory x_refsource_confirm
http://trac.webkit.org/changeset/61816
Product x_refsource_confirm
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18
Exploit, Issue Tracking, Mailing List, Third Party Advisory x_refsource_confirm
http://code.google.com/p/chromium/issues/detail?id=45983
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1846
Issue Tracking, Patch, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=608238
Mailing List, Third Party Advisory vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2010//Nov/msg00003.html
Broken Link vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1612
Scores
CVSS v3
9.8
EPSS
0.1900
EPSS Percentile
95.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-120
Status
published
Products (25)
apple/iphone_os
2.0 - 4.1
apple/itunes
< 10.2
apple/mac_os_x
10.6.0 - 10.6.4
apple/mac_os_x_server
10.6.0 - 10.6.4
apple/safari
< 5.0.4
canonical/ubuntu_linux
6.06
canonical/ubuntu_linux
8.04
canonical/ubuntu_linux
9.04
canonical/ubuntu_linux
9.10
canonical/ubuntu_linux
10.04
... and 15 more
Published
Jun 30, 2010
Tracked Since
Feb 18, 2026