Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.3
CVE Id: CVE-2009-2042
Last Modified: 12 May 2010 01:41:17
Published: 12 Jun 2009 04:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2009-2042

Summary

libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.

Vulnerable Systems

Application

  • Libpng 0.89c

  • Libpng 0.95

  • Libpng 1.0.0

  • Libpng 1.0.1

  • Libpng 1.0.10

  • Libpng 1.0.11

  • Libpng 1.0.12

  • Libpng 1.0.13

  • Libpng 1.0.14

  • Libpng 1.0.15

  • Libpng 1.0.16

  • Libpng 1.0.17

  • Libpng 1.0.18

  • Libpng 1.0.19

  • Libpng 1.0.2

  • Libpng 1.0.20

  • Libpng 1.0.21

  • Libpng 1.0.22

  • Libpng 1.0.23

  • Libpng 1.0.7

  • Libpng 1.0.8

  • Libpng 1.0.9

  • Libpng 1.2.0

  • Libpng 1.2.1

  • Libpng 1.2.10

  • Libpng 1.2.11

  • Libpng 1.2.13

  • Libpng 1.2.14

  • Libpng 1.2.15

  • Libpng 1.2.16

  • Libpng 1.2.17

  • Libpng 1.2.18

  • Libpng 1.2.19

  • Libpng 1.2.2

  • Libpng 1.2.20

  • Libpng 1.2.21

  • Libpng 1.2.22

  • Libpng 1.2.23

  • Libpng 1.2.24

  • Libpng 1.2.25

  • Libpng 1.2.26

  • Libpng 1.2.3

  • Libpng 1.2.30

  • Libpng 1.2.31

  • Libpng 1.2.33

  • Libpng 1.2.34

  • Libpng 1.2.35


References

VUPEN - ADV-2009-1510

BID - 35233

CONFIRM - http://www.libpng.org/pub/png/libpng.html

FEDORA - FEDORA-2009-6400

FEDORA - FEDORA-2009-5977

XF - libpng-interlaced-image-info-disclosure(50966)

VUPEN - ADV-2010-0847

VUPEN - ADV-2010-0682

VUPEN - ADV-2010-0637

CONFIRM - http://www.vmware.com/security/advisories/VMSA-2010-0007.html

MANDRIVA - MDVSA-2010:063

DEBIAN - DSA-2032

UBUNTU - USN-913-1

CONFIRM - http://support.apple.com/kb/HT4077

SLACKWARE - SSA:2009-170-01

GENTOO - GLSA-200906-01

SECUNIA - 39251

SECUNIA - 39215

SECUNIA - 39206

SECUNIA - 35594

SECUNIA - 35524

SECUNIA - 35470

SECUNIA - 35346

MLIST - [security-announce] 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

APPLE - APPLE-SA-2010-03-29-1

FULLDISC - 20100409 VMSA-2010-0007 VMware hosted products, vCenter Server and ESX patches resolve multiple security issues

Related Patches

Novell SUSE 2009:6326 libpng security update for SLE 10 SP2 i586


Last Updated: 27 May 2016 10:50:45