CVE-2010-1516 - Vulnerability Details - OpenCVE

Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to execute arbitrary code via (1) a crafted PNG file, related to the getPNG function in lib/png.c; or (2) a crafted JPEG file, related to the jpeg_load function in lib/jpeg.c.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Swftools	Swftools

Configuration 1 [-]

cpe:2.3:a:swftools:swftools:0.9.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/39970
http://secunia.com/advisories/48821
http://secunia.com/secunia_research/2010-80/
http://security.gentoo.org/glsa/glsa-201204-05.xml
http://www.securityfocus.com/archive/1/513102/100/0/threaded

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2010-08-17T18:00:00

Updated: 2024-08-07T01:28:41.582Z

Reserved: 2010-04-26T00:00:00

Link: CVE-2010-1516

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2010-08-17T22:00:01.110

Modified: 2025-04-11T00:51:21.963

Link: CVE-2010-1516

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-08-13T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to execute arbitrary code via (1) a crafted PNG file, related to the getPNG function in lib/png.c; or (2) a crafted JPEG file, related to the jpeg_load function in lib/jpeg.c."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "39970", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/39970"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2010-80/"}, {"name": "GLSA-201204-05", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-201204-05.xml"}, {"name": "48821", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/48821"}, {"name": "20100813 Secunia Research: SWFTools Two Integer Overflow Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/513102/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2010-1516", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to execute arbitrary code via (1) a crafted PNG file, related to the getPNG function in lib/png.c; or (2) a crafted JPEG file, related to the jpeg_load function in lib/jpeg.c."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "39970", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/39970"}, {"name": "http://secunia.com/secunia_research/2010-80/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2010-80/"}, {"name": "GLSA-201204-05", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-201204-05.xml"}, {"name": "48821", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/48821"}, {"name": "20100813 Secunia Research: SWFTools Two Integer Overflow Vulnerabilities", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/513102/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:28:41.582Z"}, "title": "CVE Program Container", "references": [{"name": "39970", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/39970"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2010-80/"}, {"name": "GLSA-201204-05", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-201204-05.xml"}, {"name": "48821", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/48821"}, {"name": "20100813 Secunia Research: SWFTools Two Integer Overflow Vulnerabilities", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/513102/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2010-1516", "datePublished": "2010-08-17T18:00:00", "dateReserved": "2010-04-26T00:00:00", "dateUpdated": "2024-08-07T01:28:41.582Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:swftools:swftools:0.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "BF6E7653-1876-4DC5-B895-36E0A826A339", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple integer overflows in SWFTools 0.9.1 allow remote attackers to execute arbitrary code via (1) a crafted PNG file, related to the getPNG function in lib/png.c; or (2) a crafted JPEG file, related to the jpeg_load function in lib/jpeg.c."}, {"lang": "es", "value": "M\u00faltiples desbordamientos de entero en SWFTools v0.9.1 permite a atacantes remotos ejecutar c\u00f3digo a su elecci\u00f3n a trav\u00e9s de (1) un fichero PNG manipulado, relacionado con la funci\u00f3n getPNG en lib/png.c; o (2) un fichero JPG manipulado, relacionado con la funci\u00f3n jpeg_load en lib/jpeg.c."}], "id": "CVE-2010-1516", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2010-08-17T22:00:01.110", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39970"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://secunia.com/advisories/48821"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2010-80/"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://security.gentoo.org/glsa/glsa-201204-05.xml"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/archive/1/513102/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/39970"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/48821"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/secunia_research/2010-80/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-201204-05.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/513102/100/0/threaded"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-189"}], "source": "nvd@nist.gov", "type": "Primary"}]}