CVE-2009-0040
CVSS v2.0: 6.8 (Medium)
EPSS: 7.50 % (94th)
Affected Products: 9
Advisories: 19
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Weaknesses
- CWE-824: Access of Uninitialized Pointer

- CVE Status: PUBLISHED
- CNA: Red Hat, Inc.
- Published Date: 2009-02-22 22:30:00 (15 years ago)
- Updated Date: 2024-02-09 03:25:43 (7 months ago)