Lucene search

Veracode Vulnerability DatabaseVERACODE:24014

HistoryApr 10, 2020 - 12:43 a.m.

Arbitrary Code Execution

2020-04-1000:43:55

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.664 Medium

EPSS

Percentile

98.0%

JSON

libpng is vulnerable to arbitrary code execution.The vulnerability exists as a memory corruption flaw was found in the way applications, using the libpng library and its progressive reading method, decoded certain PNG images. An attacker could create a specially-crafted PNG image that, when opened, could cause an application using libpng to crash or, potentially, execute arbitrary code with the privileges of the user running the application.

CPENameOperatorVersion
libpngeq1.2.7__1.el4.2
thunderbirdeq2.0.0.18__1.el5
thunderbirdeq2.0.0.21__1.el5
thunderbirdeq2.0.0.22__2.el5_3
thunderbirdeq1.5.0.12__1.el5
thunderbirdeq2.0.0.17__1.el5
thunderbirdeq2.0.0.14__1.el5_2
thunderbirdeq2.0.0.16__1.el5
thunderbirdeq1.5.0.9__6.el5
thunderbirdeq2.0.0.12__5.el5

Name	Operator	Version
libpng	eq	1.2.7__1.el4.2
thunderbird	eq	2.0.0.18__1.el5
thunderbird	eq	2.0.0.21__1.el5
thunderbird	eq	2.0.0.22__2.el5_3
thunderbird	eq	1.5.0.12__1.el5
thunderbird	eq	2.0.0.17__1.el5
thunderbird	eq	2.0.0.14__1.el5_2
thunderbird	eq	2.0.0.16__1.el5
thunderbird	eq	1.5.0.9__6.el5
thunderbird	eq	2.0.0.12__5.el5

Rows per page:

1-10 of 3261

References

blackberry.com/btsc/KB27244

code.google.com/p/chromium/issues/detail?id=45983

googlechromereleases.blogspot.com/2010/07/stable-channel-update.html

libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=188eb6b42602bf7d7ae708a21897923b6a83fe7c#patch18

lists.apple.com/archives/security-announce/2010//Aug/msg00003.html

lists.apple.com/archives/security-announce/2010//Nov/msg00000.html

lists.apple.com/archives/security-announce/2010//Nov/msg00003.html

lists.apple.com/archives/security-announce/2011//Mar/msg00004.html

lists.apple.com/archives/security-announce/2011/Mar/msg00000.html

lists.fedoraproject.org/pipermail/package-announce/2010-July/044283.html

lists.fedoraproject.org/pipermail/package-announce/2010-July/044397.html

lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html

lists.vmware.com/pipermail/security-announce/2010/000105.html

secunia.com/advisories/40302

secunia.com/advisories/40336

secunia.com/advisories/40472

secunia.com/advisories/40547

secunia.com/advisories/41574

secunia.com/advisories/42314

secunia.com/advisories/42317

slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.613061

support.apple.com/kb/HT4312

support.apple.com/kb/HT4435

support.apple.com/kb/HT4456

support.apple.com/kb/HT4457

support.apple.com/kb/HT4554

support.apple.com/kb/HT4566

trac.webkit.org/changeset/61816

www.debian.org/security/2010/dsa-2072

www.libpng.org/pub/png/libpng.html

www.mandriva.com/security/advisories?name=MDVSA-2010:133

www.mozilla.org/security/announce/2010/mfsa2010-41.html

www.redhat.com/security/updates/classification/#important

www.securityfocus.com/bid/41174

www.ubuntu.com/usn/USN-960-1

www.vmware.com/security/advisories/VMSA-2010-0014.html

www.vupen.com/english/advisories/2010/1612

www.vupen.com/english/advisories/2010/1637

www.vupen.com/english/advisories/2010/1755

www.vupen.com/english/advisories/2010/1837

www.vupen.com/english/advisories/2010/1846

www.vupen.com/english/advisories/2010/1877

www.vupen.com/english/advisories/2010/2491

www.vupen.com/english/advisories/2010/3045

www.vupen.com/english/advisories/2010/3046

access.redhat.com/errata/RHSA-2010:0534

bugs.webkit.org/show_bug.cgi?id=40798

bugzilla.mozilla.org/show_bug.cgi?id=570451

bugzilla.redhat.com/show_bug.cgi?id=608238

exchange.xforce.ibmcloud.com/vulnerabilities/59815

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11851