CVE - CVE-2009-0040

CVE-ID
CVE-2009-0040	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:1020521 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1~~ (Obsolete source) MISC:20090312 rPSA-2009-0046-1 libpng URL:http://www.securityfocus.com/archive/1/501767/100/0/threaded MISC:20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues URL:http://www.securityfocus.com/archive/1/503912/100/0/threaded MISC:20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server URL:http://www.securityfocus.com/archive/1/505990/100/0/threaded MISC:259989 URL:~~http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1~~ (Obsolete source) MISC:33827 URL:http://www.securityfocus.com/bid/33827 MISC:33970 URL:http://secunia.com/advisories/33970 MISC:33976 URL:http://secunia.com/advisories/33976 MISC:33990 URL:http://www.securityfocus.com/bid/33990 MISC:34137 URL:http://secunia.com/advisories/34137 MISC:34140 URL:http://secunia.com/advisories/34140 MISC:34143 URL:http://secunia.com/advisories/34143 MISC:34145 URL:http://secunia.com/advisories/34145 MISC:34152 URL:http://secunia.com/advisories/34152 MISC:34210 URL:http://secunia.com/advisories/34210 MISC:34265 URL:http://secunia.com/advisories/34265 MISC:34272 URL:http://secunia.com/advisories/34272 MISC:34320 URL:http://secunia.com/advisories/34320 MISC:34324 URL:http://secunia.com/advisories/34324 MISC:34388 URL:http://secunia.com/advisories/34388 MISC:34462 URL:http://secunia.com/advisories/34462 MISC:34464 URL:http://secunia.com/advisories/34464 MISC:35074 URL:http://secunia.com/advisories/35074 MISC:35258 URL:http://secunia.com/advisories/35258 MISC:35302 URL:http://secunia.com/advisories/35302 MISC:35379 URL:http://secunia.com/advisories/35379 MISC:35386 URL:http://secunia.com/advisories/35386 MISC:36096 URL:http://secunia.com/advisories/36096 MISC:ADV-2009-0469 URL:~~http://www.vupen.com/english/advisories/2009/0469~~ (Obsolete source) MISC:ADV-2009-0473 URL:~~http://www.vupen.com/english/advisories/2009/0473~~ (Obsolete source) MISC:ADV-2009-0632 URL:~~http://www.vupen.com/english/advisories/2009/0632~~ (Obsolete source) MISC:ADV-2009-1297 URL:~~http://www.vupen.com/english/advisories/2009/1297~~ (Obsolete source) MISC:ADV-2009-1451 URL:~~http://www.vupen.com/english/advisories/2009/1451~~ (Obsolete source) MISC:ADV-2009-1462 URL:~~http://www.vupen.com/english/advisories/2009/1462~~ (Obsolete source) MISC:ADV-2009-1522 URL:~~http://www.vupen.com/english/advisories/2009/1522~~ (Obsolete source) MISC:ADV-2009-1560 URL:~~http://www.vupen.com/english/advisories/2009/1560~~ (Obsolete source) MISC:ADV-2009-1621 URL:~~http://www.vupen.com/english/advisories/2009/1621~~ (Obsolete source) MISC:ADV-2009-2172 URL:~~http://www.vupen.com/english/advisories/2009/2172~~ (Obsolete source) MISC:APPLE-SA-2009-05-12 URL:http://lists.apple.com/archives/security-announce/2009/May/msg00002.html MISC:APPLE-SA-2009-06-08-1 URL:http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html MISC:APPLE-SA-2009-06-17-1 URL:http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html MISC:APPLE-SA-2009-08-05-1 URL:http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html MISC:DSA-1750 URL:http://www.debian.org/security/2009/dsa-1750 MISC:DSA-1830 URL:http://www.debian.org/security/2009/dsa-1830 MISC:FEDORA-2009-1976 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html MISC:FEDORA-2009-2045 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html MISC:FEDORA-2009-2882 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html MISC:FEDORA-2009-2884 URL:https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html MISC:GLSA-200903-28 URL:http://security.gentoo.org/glsa/glsa-200903-28.xml MISC:GLSA-201209-25 URL:http://security.gentoo.org/glsa/glsa-201209-25.xml MISC:MDVSA-2009:051 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:051~~ (Obsolete source) MISC:MDVSA-2009:075 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:075~~ (Obsolete source) MISC:MDVSA-2009:083 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:083~~ (Obsolete source) MISC:RHSA-2009:0315 URL:http://www.redhat.com/support/errata/RHSA-2009-0315.html MISC:RHSA-2009:0325 URL:http://www.redhat.com/support/errata/RHSA-2009-0325.html MISC:RHSA-2009:0333 URL:http://www.redhat.com/support/errata/RHSA-2009-0333.html MISC:RHSA-2009:0340 URL:http://www.redhat.com/support/errata/RHSA-2009-0340.html MISC:SSA:2009-083-02 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420 MISC:SSA:2009-083-03 URL:http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952 MISC:SUSE-SA:2009:012 URL:http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html MISC:SUSE-SA:2009:023 URL:http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html MISC:SUSE-SR:2009:005 URL:http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html MISC:TA09-133A URL:http://www.us-cert.gov/cas/techalerts/TA09-133A.html MISC:TA09-218A URL:http://www.us-cert.gov/cas/techalerts/TA09-218A.html MISC:VU#649212 URL:http://www.kb.cert.org/vuls/id/649212 MISC:[png-mng-implement] 20090219 libpng-1.2.35 and libpng-1.0.43 fix security vulnerability URL:http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com MISC:[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server URL:http://lists.vmware.com/pipermail/security-announce/2009/000062.html MISC:ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt URL:ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt MISC:http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt URL:http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt MISC:http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441 URL:http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441 MISC:http://support.apple.com/kb/HT3549 URL:http://support.apple.com/kb/HT3549 MISC:http://support.apple.com/kb/HT3613 URL:http://support.apple.com/kb/HT3613 MISC:http://support.apple.com/kb/HT3639 URL:http://support.apple.com/kb/HT3639 MISC:http://support.apple.com/kb/HT3757 URL:http://support.apple.com/kb/HT3757 MISC:http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm MISC:http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm URL:http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm MISC:http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document URL:http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document MISC:http://wiki.rpath.com/Advisories:rPSA-2009-0046 URL:http://wiki.rpath.com/Advisories:rPSA-2009-0046 MISC:http://www.vmware.com/security/advisories/VMSA-2009-0007.html URL:http://www.vmware.com/security/advisories/VMSA-2009-0007.html MISC:libpng-pointer-arrays-code-execution(48819) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/48819 MISC:oval:org.mitre.oval:def:10316 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316 MISC:oval:org.mitre.oval:def:6458 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458
Assigning CNA
Red Hat, Inc.
Date Record Created
20081215	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20081215)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)