CVE-2009-0040
MEDIUM severity · CVSS 6.8 · CWE-824
6.8CVSS MEDIUM
Summary
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Impact & exploitability
Attack vectorNetwork
Attack complexity—
Privileges required—
User interaction—
Confidentiality impact—
Integrity impact—
Availability impact—
Exploit probability (EPSS)5%
AV:N/AC:M/Au:N/C:P/I:P/A:P
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Additional information
- NVD record
- ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txtAdvisory
- http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt
- http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
- http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
- http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
- http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
- http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html