a. Third Party Library libpng Updated to 1.2.35Several flaws were discovered in the way third party library libpnghandled uninitialized pointers. An attacker could create a PNG imagefile in such a way, that when loaded by an application linked tolibpng, it could cause the application to crash or execute arbitrarycode at the privilege level of the user that runs the application.The Common Vulnerabilities and Exposures project (cve.mitre.org)has assigned the name CVE-2009-0040 to this issue.The following table lists what action remediates the vulnerability(column 4) if a solution is available.
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5752
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1863
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3304
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3847
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5000
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6388
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0005
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040