[FEDORA-2009-2045] Fedora 9: libpng10
Severity
High
Affected Packages
1
CVEs
2
This release fixes a vulnerability in which some arrays of pointers are not
initialized prior to using malloc to define the pointers. If the application
runs out of memory while executing the allocation loop (which can be forced by
malevolent input), libpng10 will jump to a cleanup process that attempts to free
all of the pointers, including the undefined ones. This issue has been
assigned CVE-2009-0040
Package | Affected Version |
---|---|
pkg:rpm/fedora/libpng10?distro=fedora-9 | < 1.0.43.1.fc9 |
- ID
- FEDORA-2009-2045
- Severity
- high
- Severity from
- CVE-2008-1382
- URL
- https://bodhi.fedoraproject.org/updates/FEDORA-2009-2045
- Published
-
2009-03-09T22:48:33
(15 years ago) - Modified
-
2009-03-09T22:48:33
(15 years ago) - Rights
- Copyright 2009 Red Hat, Inc.
- Other Advisories
-
- ELSA-2009-0315
- ELSA-2009-0333
- FEDORA-2008-3683
- FEDORA-2008-3937
- FEDORA-2008-3979
- FEDORA-2008-4847
- FEDORA-2008-4910
- FEDORA-2008-4947
- FEDORA-2008-9379
- FEDORA-2008-9393
- FEDORA-2009-1976
- FEDORA-2009-2112
- FEDORA-2009-2128
- FEDORA-2009-2131
- FEDORA-2009-2882
- FEDORA-2009-2884
- FEDORA-2009-6531
- FEDORA-2009-6603
- FREEBSD:57C705D6-12AE-11DD-BAB7-0016179B2DD5
- FREEBSD:EA2411A4-08E8-11DE-B88A-0022157515B2
- GLSA-200804-15
- GLSA-200805-10
- GLSA-200812-15
- GLSA-200903-28
- GLSA-201209-25
- GLSA-201412-08
- SSA:2008-119-01
- SSA:2009-051-01
- USN-728-1
- USN-730-1
- VU:649212
Source | # ID | Name | URL |
---|---|---|---|
Bugzilla | 486355 | Bug #486355 - CVE-2009-0040 libpng arbitrary free() flaw | https://bugzilla.redhat.com/show_bug.cgi?id=486355 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:rpm/fedora/libpng10?distro=fedora-9 | fedora | libpng10 | < 1.0.43.1.fc9 | fedora-9 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |