6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.029 Low
EPSS
Percentile
89.7%
The libpng packages contain a library of functions for creating and
manipulating PNG (Portable Network Graphics) image format files.
A flaw was discovered in libpng that could result in libpng trying to
free() random memory if certain, unlikely error conditions occurred. If a
carefully-crafted PNG file was loaded by an application linked against
libpng, it could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2009-0040)
Users of libpng and libpng10 should upgrade to these updated packages,
which contain backported patches to correct these issues. All running
applications using libpng or libpng10 must be restarted for the update to
take effect.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
RedHat | any | ppc | libpng-devel | < 1.2.2-29 | libpng-devel-1.2.2-29.ppc.rpm |
RedHat | any | ppc64 | libpng | < 1.2.2-29 | libpng-1.2.2-29.ppc64.rpm |
RedHat | any | ppc | libpng10 | < 1.0.13-20 | libpng10-1.0.13-20.ppc.rpm |
RedHat | any | ppc | libpng | < 1.2.2-29 | libpng-1.2.2-29.ppc.rpm |
RedHat | any | ppc64 | libpng10 | < 1.0.13-20 | libpng10-1.0.13-20.ppc64.rpm |
RedHat | any | ppc | libpng10-devel | < 1.0.13-20 | libpng10-devel-1.0.13-20.ppc.rpm |