Libpng PNG Reference Library Patches Memory Corruption Vulnerabilities

Two memory corruption vulnerabilities in the PNG reference library, libpng, have been patched, but the scope of software affected by the bug isn’t as wide as initially reported. The vulnerabilities, addressed in libpng 1.0.64, 1.2.54, 1.4.17, 1.5.24, and 1.6.19, allow for an attacker to write...

CVE-2009-0040

The PNG reference library aka libpng before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted PNG file that triggers a free of an...

CVE-2009-0040

The PNG reference library aka libpng before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service application crash or possibly execute arbitrary code via a crafted PNG file that triggers a free of an...

CVE-2009-0040

The CVE-2009-0040 issue affects the PNG reference library (libpng) as used in pngcrush and other apps. A crafted PNG can trigger a free of an uninitialized pointer in png_read_png, pCAL chunk handling, or 16-bit gamma table setup, enabling denial of service or possibly arbitrary code execution. A...