Vulnerability DatabaseCVE-2009-0040
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2009-0040
February 22, 2009
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Related Resources (84)
http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com
http://www.mandriva.com/security/advisories?name=MDVSA-2009:075
http://www.securityfocus.com/bid/33990
http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
http://secunia.com/advisories/34388
http://www.mandriva.com/security/advisories?name=MDVSA-2009:083
http://secunia.com/advisories/36096
http://secunia.com/advisories/34464
http://support.apple.com/kb/HT3549
http://www.securityfocus.com/archive/1/505990/100/0/threaded
http://www.debian.org/security/2009/dsa-1830
http://secunia.com/advisories/34462
http://security.gentoo.org/glsa/glsa-201209-25.xml
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
http://www.vupen.com/english/advisories/2009/0473
http://www.vupen.com/english/advisories/2009/0632
http://secunia.com/advisories/35302
http://secunia.com/advisories/34145
http://www.kb.cert.org/vuls/id/649212
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
https://access.redhat.com/security/cve/CVE-2009-0040
http://www.vupen.com/english/advisories/2009/1297
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441
http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
http://www.vupen.com/english/advisories/2009/1621
http://secunia.com/advisories/35258
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html
http://secunia.com/advisories/35074
http://secunia.com/advisories/34272
http://secunia.com/advisories/34140
http://www.securityfocus.com/archive/1/503912/100/0/threaded
http://secunia.com/advisories/34210
http://support.apple.com/kb/HT3613
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458
http://www.vupen.com/english/advisories/2009/0469
http://secunia.com/advisories/33970
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
http://www.securityfocus.com/archive/1/501767/100/0/threaded
http://www.redhat.com/support/errata/RHSA-2009-0340.html
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1
http://secunia.com/advisories/33976
http://www.debian.org/security/2009/dsa-1750
http://secunia.com/advisories/34320
http://www.vupen.com/english/advisories/2009/1560
http://support.apple.com/kb/HT3639
http://www.vupen.com/english/advisories/2009/1462
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
http://secunia.com/advisories/34137
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
http://www.vupen.com/english/advisories/2009/2172
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/48819
http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt
http://www.securityfocus.com/bid/33827
http://www.vupen.com/english/advisories/2009/1451
http://security.gentoo.org/glsa/glsa-200903-28.xml
http://secunia.com/advisories/34324
http://www.vmware.com/security/advisories/VMSA-2009-0007.html
http://secunia.com/advisories/34265
http://www.mandriva.com/security/advisories?name=MDVSA-2009:051
http://www.redhat.com/support/errata/RHSA-2009-0333.html
http://secunia.com/advisories/34152
http://wiki.rpath.com/Advisories:rPSA-2009-0046
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
http://secunia.com/advisories/35386
http://www.redhat.com/support/errata/RHSA-2009-0315.html
http://support.apple.com/kb/HT3757
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html
http://secunia.com/advisories/35379
ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt
http://secunia.com/advisories/34143
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316
https://people.canonical.com/~ubuntu-security/cve/CVE-2009-0040
http://www.redhat.com/support/errata/RHSA-2009-0325.html
http://www.vupen.com/english/advisories/2009/1522
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.3
Attack Vector
NETWORK
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
5.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
6.8
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
Weakness Type (CWE)
Access of Uninitialized Pointer
CWE-824
EPSS
Base Score:
8.28