1. Home
  2. Security Advisories
  3. Fedora
  4. FEDORA-2009-2045

[FEDORA-2009-2045] Fedora 9: libpng10

Severity High
Affected Packages 1
CVEs 2
Info Packages References Vulnerabilities

This release fixes a vulnerability in which some arrays of pointers are not
initialized prior to using malloc to define the pointers. If the application
runs out of memory while executing the allocation loop (which can be forced by
malevolent input), libpng10 will jump to a cleanup process that attempts to free
all of the pointers, including the undefined ones. This issue has been
assigned CVE-2009-0040

Package Affected Version
pkg:rpm/fedora/libpng10?distro=fedora-9 < 1.0.43.1.fc9
ID
FEDORA-2009-2045
Severity
high
Severity from
CVE-2008-1382
URL
https://bodhi.fedoraproject.org/updates/FEDORA-2009-2045
Published
2009-03-09T22:48:33
(15 years ago)
Modified
2009-03-09T22:48:33
(15 years ago)
Rights
Copyright 2009 Red Hat, Inc.
Other Advisories
Source # ID Name URL
Bugzilla 486355 Bug #486355 - CVE-2009-0040 libpng arbitrary free() flaw https://bugzilla.redhat.com/show_bug.cgi?id=486355
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:rpm/fedora/libpng10?distro=fedora-9 fedora libpng10 < 1.0.43.1.fc9 fedora-9
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date