CVE-2009-0040

Priority
Medium
Description
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before
1.2.35, as used in pngcrush and other applications, allows
context-dependent attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted PNG file that
triggers a free of an uninitialized pointer in (1) the png_read_png
function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
References
Bugs
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): released (3.0.7+nobinonly-0ubuntu0.8.04.1)
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): DNE
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): ignored (uses system libpng)
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): DNE
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): DNE
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): ignored (uses system libpng)
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): ignored (uses system libpng)
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): released (1.9.0.7+nobinonly-0ubuntu0.8.04.1)
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): DNE
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): ignored (uses system libpng)
Package
Upstream: released (1.2.35-1)
Ubuntu 8.04 LTS (Hardy Heron): released (1.2.15~beta5-3ubuntu0.1)
Package
Upstream: needs-triage
Ubuntu 8.04 LTS (Hardy Heron): DNE
More Information

Updated: 2012-06-01 15:19:32 UTC (commit 5347)