Lucene search
Ubuntu.comUB:CVE-2009-0040HistoryFeb 22, 2009 - 12:00 a.m.
CVE-2009-0040
2009-02-2200:00:00
ubuntu.com
ubuntu.com
17
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.069 Low
EPSS
Percentile
93.8%
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before
1.2.35, as used in pngcrush and other applications, allows
context-dependent attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted PNG file that
triggers a free of an uninitialized pointer in (1) the png_read_png
function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Bugs
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 6.06 | noarch | firefox | < 1.5.dfsg+1.5.0.15~prepatch080614k-0ubuntu1 | UNKNOWN |
| ubuntu | 7.10 | noarch | firefox | < 2.0.0.21~tb.21+nobinonly-0ubuntu0.7.10.1 | UNKNOWN |
| ubuntu | 8.04 | noarch | firefox-3.0 | < 3.0.7+nobinonly-0ubuntu0.8.04.1 | UNKNOWN |
| ubuntu | 8.10 | noarch | firefox-3.0 | < 3.0.7+nobinonly-0ubuntu0.8.10.1 | UNKNOWN |
| ubuntu | 9.04 | noarch | firefox-3.0 | < 3.0.7+nobinonly-0ubuntu1 | UNKNOWN |
| ubuntu | 9.04 | noarch | firefox-3.5 | < 3.5+nobinonly-0ubuntu0.9.04.1 | UNKNOWN |
| ubuntu | 6.06 | noarch | libpng | < 1.2.8rel-5ubuntu0.4 | UNKNOWN |
| ubuntu | 7.10 | noarch | libpng | < 1.2.15~beta5-2ubuntu0.2 | UNKNOWN |
| ubuntu | 8.04 | noarch | libpng | < 1.2.15~beta5-3ubuntu0.1 | UNKNOWN |
| ubuntu | 8.10 | noarch | libpng | < 1.2.27-1ubuntu0.1 | UNKNOWN |
Related
nessus
nessus
SuSE 11 Security Update : libpng (SAT Patch Number 638)
2009-09-24 00:00:00
openSUSE Security Update : libpng-devel (libpng-devel-558)
2009-07-21 00:00:00
F5 Networks BIG-IP : libpng vulnerability (SOL9988)
2014-10-10 00:00:00
f5
f5
K9988 : libpng vulnerability CVE-2009-0040
2013-03-27 00:00:00
SOL9988 - libpng vulnerability CVE-2009-0040
2009-04-21 00:00:00
cert
cert
libpng fails to properly initialize element pointers
2009-03-02 00:00:00
openvas
openvas
CentOS Security Advisory CESA-2009:0340 (libpng)
2009-03-13 00:00:00
Fedora Core 10 FEDORA-2009-2112 (libpng)
2009-03-02 00:00:00
SLES11: Security update for libpng
2009-10-11 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-10 00:30:13
fedora
fedora
[SECURITY] Fedora 10 Update: libpng-1.2.35-1.fc10
2009-02-26 15:33:35
[SECURITY] Fedora 10 Update: mingw32-libpng-1.2.35-1.fc10
2009-02-26 15:35:43
[SECURITY] Fedora 10 Update: libpng10-1.0.43-1.fc10
2009-03-09 23:12:14
slackware
slackware
libpng
2009-02-20 17:06:41
redhat
redhat
(RHSA-2009:0340) Moderate: libpng security update
2009-03-04 00:00:00
(RHSA-2009:0333) Moderate: libpng security update
2009-03-04 00:00:00
(RHSA-2009:0325) Critical: seamonkey security update
2009-03-04 00:00:00
securityvulns
securityvulns
Mozilla Foundation Security Advisory 2009-10
2009-03-06 00:00:00
libpng uninitialized pointers
2009-03-06 00:00:00
libpng multiple security vulnerabilities
2009-02-25 00:00:00
freebsd
freebsd
pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability
2009-02-19 00:00:00
centos
centos
libpng, libpng10 security update
2009-03-04 23:31:04
libpng security update
2009-03-11 03:53:56
libpng, libpng10 security update
2009-03-05 18:16:07
prion
prion
Design/Logic Flaw
2009-02-22 22:30:00
seebug
seebug
VMware Server libpng Uninitialised Pointer Arrays Vulnerability
2009-08-24 00:00:00
cve
cve
CVE-2009-0040
2009-02-22 22:30:00
mozilla
mozilla
Upgrade PNG library to fix memory safety hazards — Mozilla
2009-03-04 00:00:00
oraclelinux
oraclelinux
libpng security update
2009-03-04 00:00:00
libpng security update
2009-03-04 00:00:00
seamonkey security update
2009-03-05 00:00:00
vmware
vmware
VMware Hosted products and ESX and ESXi patches resolve security issues
2009-05-28 00:00:00
VMware Hosted products update libpng and Apache HTTP Server
2009-08-20 00:00:00
gentoo
gentoo
libpng: Multiple vulnerabilities
2009-03-15 00:00:00
debian
debian
[SECURITY] [DSA 1750-1] New libpng packages fix several vulnerabilities
2009-03-22 17:16:04
osv
osv
libpng - several vulnerabilities
2009-03-22 00:00:00
ubuntu
ubuntu
libpng vulnerabilities
2009-03-06 00:00:00
Firefox and Xulrunner vulnerabilities
2009-03-05 00:00:00
suse
suse
remote code execution in MozillaFirefox
2009-04-20 12:01:40
remote code execution in MozillaFirefox
2009-03-16 14:15:07
6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.069 Low
EPSS
Percentile
93.8%
Related for UB:CVE-2009-0040