Description
A memory corruption flaw was found in the way applications, using the
libpng library and its progressive reading method, decoded certain PNG
images. An attacker could create a specially-crafted PNG image that, when
opened, could cause an application using libpng to crash or, potentially,
execute arbitrary code with the privileges of the user running the
application. (CVE-2010-1205)
A denial of service flaw was found in the way applications using the libpng
library decoded PNG images that have certain, highly compressed ancillary
chunks. An attacker could create a specially-crafted PNG image that could
cause an application using libpng to consume excessive amounts of memory
and CPU time, and possibly crash. (CVE-2010-0205)
A memory leak flaw was found in the way applications using the libpng
library decoded PNG images that use the Physical Scale (sCAL) extension. An
attacker could create a specially-crafted PNG image that could cause an
application using libpng to exhaust all available memory and possibly crash
or exit. (CVE-2010-2249)
A sensitive information disclosure flaw was found in the way applications
using the libpng library processed 1-bit interlaced PNG images. An attacker
could create a specially-crafted PNG image that could cause an application
using libpng to disclose uninitialized memory. (CVE-2009-2042)