{"vuid":"VU#576029","idnumber":"576029","name":"libpng stalls on highly compressed ancillary chunks","keywords":["libpng","PNG"],"overview":"Libpng stalls and consumes large quantities of memory while processing certain Portable Network Graphics (PNG) files.","clean_desc":"When processing PNG files containing highly compressed ancillary chunks, the png_decompress_chunk() function in libpng can consume large amounts of CPU time and memory. This resource consumption may hang applications that use libpng. More information is available in the PNG Development Group security advisory and supplementary document, Defending Libpng Applications Against Decompression Bombs.","impact":"This vulnerability could allow an unauthenticated, remote attacker to cause a denial of service.","resolution":"Upgrade\nThe PNG Development Group has released versions 1.4.1, 1.2.43, and 1.0.53, which provide more efficient decompression of ancillary chunks. This update decreases resource consumption associated with chunk decompression, but may not provide a complete defense unless coupled with appropriate memory limits. Set limits on memory usage and number of cached ancillary chunks Libpng provides functions to limit memory consumption and number of cached ancillary chunks. Applications that use libpng should use these functions to set appropriate limits. Please see defense #2 in the document Defending Libpng Applications Against Decompression Bombs for more information.","workarounds":"Disable Ancillary Chunk Decoding\nDevelopers who build versions of libpng can choose to ignore ancillary chunks by defining specific preprocessor macros. Please see defense #3 in the document Defending Libpng Applications Against Decompression Bombs for more information.","sysaffected":"","thanks":"This issue was reported by the \nPNG Development Group","author":"This document was written by David Warren.","public":["http://libpng.sourceforge.net/ADVISORY-1.4.1.html","http://libpng.sourceforge.net/decompression_bombs.html"],"cveids":["CVE-2010-0205"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2010-02-11T18:14:25Z","publicdate":"2010-03-01T00:00:00Z","datefirstpublished":"2010-03-02T14:58:37Z","dateupdated":"2010-03-02T14:58:50Z","revision":17,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"13","cam_exploitation":"0","cam_internetinfrastructure":"5","cam_population":"7","cam_impact":"3","cam_easeofexploitation":"6","cam_attackeraccessrequired":"20","cam_scorecurrent":"0.8505","cam_scorecurrentwidelyknown":"1.18125","cam_scorecurrentwidelyknownexploited":"2.12625","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":0.8505,"vulnote":null}