CVE-2010-1205

CRITICAL

libpng <1.2.44, <1.4.3 - Buffer Overflow

Title source: llm

Description

Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row.

Exploits (2)

exploitdb WORKING POC VERIFIED
by kripthor · cdosmultiple
https://www.exploit-db.com/exploits/14422
nomisec WORKING POC 4 stars
by mk219533 · poc
https://github.com/mk219533/CVE-2010-1205

References (49)

... and 29 more

Scores

CVSS v3 9.8
EPSS 0.1523
EPSS Percentile 94.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-120
Status published
Products (25)
apple/iphone_os 2.0 - 4.1
apple/itunes < 10.2
apple/mac_os_x 10.6.0 - 10.6.4
apple/mac_os_x_server 10.6.0 - 10.6.4
apple/safari < 5.0.4
canonical/ubuntu_linux 6.06
canonical/ubuntu_linux 8.04
canonical/ubuntu_linux 9.04
canonical/ubuntu_linux 9.10
canonical/ubuntu_linux 10.04
... and 15 more
Published Jun 30, 2010
Tracked Since Feb 18, 2026