FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-0040

This CVE name corresponds to:

Entered Topic
2009-03-04 pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2009-0040 at cve.mitre.org

Details

Type Candidate
Name CVE-2009-0040
Phase Assigned(20081215)

Description

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.

References

Source Reference
BUGTRAQ 20090312 rPSA-2009-0046-1 libpng
BUGTRAQ 20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues
BUGTRAQ 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
MLIST [png-mng-implement] 20090219 libpng-1.2.35 and libpng-1.0.43 fix security vulnerability
MLIST [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
CONFIRM ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt
CONFIRM http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt
CONFIRM http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441
CONFIRM http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
CONFIRM http://wiki.rpath.com/Advisories:rPSA-2009-0046
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm
CONFIRM http://support.apple.com/kb/HT3549
CONFIRM http://www.vmware.com/security/advisories/VMSA-2009-0007.html
CONFIRM http://support.apple.com/kb/HT3613
CONFIRM http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
CONFIRM http://support.apple.com/kb/HT3639
CONFIRM http://support.apple.com/kb/HT3757
APPLE APPLE-SA-2009-05-12
APPLE APPLE-SA-2009-06-08-1
APPLE APPLE-SA-2009-06-17-1
APPLE APPLE-SA-2009-08-05-1
DEBIAN DSA-1750
DEBIAN DSA-1830
FEDORA FEDORA-2009-1976
FEDORA FEDORA-2009-2045
FEDORA FEDORA-2009-2882
FEDORA FEDORA-2009-2884
GENTOO GLSA-200903-28
GENTOO GLSA-201209-25
MANDRIVA MDVSA-2009:051
MANDRIVA MDVSA-2009:075
MANDRIVA MDVSA-2009:083
REDHAT RHSA-2009:0315
REDHAT RHSA-2009:0325
REDHAT RHSA-2009:0333
REDHAT RHSA-2009:0340
SLACKWARE SSA:2009-083-02
SLACKWARE SSA:2009-083-03
SUNALERT 259989
SUNALERT 1020521
SUSE SUSE-SR:2009:005
SUSE SUSE-SA:2009:012
SUSE SUSE-SA:2009:023
CERT TA09-133A
CERT TA09-218A
CERT-VN VU#649212
BID 33827
BID 33990
OVAL oval:org.mitre.oval:def:10316
OVAL oval:org.mitre.oval:def:6458
SECUNIA 34145
SECUNIA 34210
SECUNIA 34265
SECUNIA 34272
SECUNIA 34320
SECUNIA 34388
SECUNIA 34324
SECUNIA 34462
SECUNIA 34464
SECUNIA 35074
SECUNIA 35258
SECUNIA 35302
SECUNIA 35379
SECUNIA 35386
SECUNIA 36096
SECUNIA 34137
SECUNIA 34140
SECUNIA 34143
SECUNIA 34152
VUPEN ADV-2009-0469
VUPEN ADV-2009-0473
SECUNIA 33970
SECUNIA 33976
VUPEN ADV-2009-0632
VUPEN ADV-2009-1297
VUPEN ADV-2009-1451
VUPEN ADV-2009-1462
VUPEN ADV-2009-1522
VUPEN ADV-2009-1560
VUPEN ADV-2009-1621
VUPEN ADV-2009-2172
XF libpng-pointer-arrays-code-execution(48819)

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.