CVE-2009-2042

Priority
Low
Description
libpng before 1.2.37 does not properly parse 1-bit interlaced images with
width values that are not divisible by 8, which causes libpng to include
uninitialized bits in certain rows of a PNG file and might allow remote
attackers to read portions of sensitive memory via "out-of-bounds pixels"
in the file.
References
Bugs
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (uses system libpng)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (uses system libpng)
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (uses system libpng)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (uses system libpng)
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):released (1.9.0.7+nobinonly-0ubuntu0.8.04.1)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):DNE
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Package
Upstream:released (1.2.37)
Ubuntu 8.04 LTS (Hardy Heron):released (1.2.15~beta5-3ubuntu0.2)
Ubuntu 10.04 LTS (Lucid Lynx):not-affected
Patches:
Vendor:https://bugzilla.redhat.com/attachment.cgi?id=347014&action=diff (same as upstream)
Vendor:https://bugzilla.redhat.com/attachment.cgi?id=347015&action=diff (same as upstream)
Package
Upstream:needs-triage
Ubuntu 8.04 LTS (Hardy Heron):ignored (uses system libpng)
Ubuntu 10.04 LTS (Lucid Lynx):ignored (uses system libpng)
More Information

Updated: 2012-06-01 15:19:55 UTC (commit 5347)