CVE-2010-0205: Uncontrolled Resource Consumption

March 3, 2010 (updated August 7, 2020)

The png_decompress_chunk function in pngrutil.c in libpng does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a “decompression bomb” attack.

References

nvd.nist.gov/vuln/detail/CVE-2010-0205

Code Behaviors & Features

Detect and mitigate CVE-2010-0205 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →