CVE-2009-0040

CVSS v2.0 6.8 (Medium)

EPSS 7.50 % (94^th)

Affected Products 9

Advisories 19

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.

Weaknesses

CWE-824: Access of Uninitialized Pointer

CVE Status: PUBLISHED
CNA: Red Hat, Inc.
Published Date: 2009-02-22 22:30:00
(15 years ago)
Updated Date: 2024-02-09 03:25:43
(7 months ago)

Affected Products

Apple

Suse

Configuration #1

		CPE23	From	Up To
	Libpng prior 1.0.43 version	cpe:2.3:a:libpng:libpng		< 1.0.43
	Libpng from 1.2.0 version and prior 1.2.35 version	cpe:2.3:a:libpng:libpng	>= 1.2.0	< 1.2.35

Configuration #2

		CPE23	From	Up To
	Apple Iphone Os prior 3.0 version	cpe:2.3:o:apple:iphone_os		< 3.0
	Apple Mac Os X prior 10.5.8 version	cpe:2.3:o:apple:mac_os_x		< 10.5.8

Configuration #3

		CPE23	From	Up To
	Opensuse 10.3	cpe:2.3:o:opensuse:opensuse:10.3
	Opensuse 11.0	cpe:2.3:o:opensuse:opensuse:11.0
	Opensuse 11.1	cpe:2.3:o:opensuse:opensuse:11.1
	Suse Linux Enterprise 9.0	cpe:2.3:o:suse:linux_enterprise:9.0:-
	Suse Linux Enterprise 10.0	cpe:2.3:o:suse:linux_enterprise:10.0:-
	Suse Linux Enterprise Desktop 10 SP2	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2
	Suse Linux Enterprise Server 10 SP2	cpe:2.3:o:suse:linux_enterprise_server:10:sp2

Configuration #4

		CPE23	From	Up To
	Debian Linux 4.0	cpe:2.3:o:debian:debian_linux:4.0
	Debian Linux 5.0	cpe:2.3:o:debian:debian_linux:5.0

Configuration #5

		CPE23	From	Up To
	Fedoraproject Fedora 9	cpe:2.3:o:fedoraproject:fedora:9
	Fedoraproject Fedora 10	cpe:2.3:o:fedoraproject:fedora:10

Weaknesses

Affected Products

Apple

Debian

Fedoraproject

Libpng

Opensuse