CVE-2010-0205: Uncontrolled Resource Consumption
(updated )
The png_decompress_chunk function in pngrutil.c in libpng does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which allows remote attackers to cause a denial of service (memory and CPU consumption, and application hang) via a crafted PNG file, as demonstrated by use of the deflate compression method on data composed of many occurrences of the same character, related to a “decompression bomb” attack.
References
Detect and mitigate CVE-2010-0205 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →