CVE-2009-5063

Priority
Low
Description
Memory leak in the embedded_profile_len function in pngwutil.c in libpng
before 1.2.39beta5 allows context-dependent attackers to cause a denial of
service (memory leak or segmentation fault) via a JPEG image containing an
iCCP chunk with a negative embedded profile length. NOTE: this is due to
an incomplete fix for CVE-2006-7244.
References
Assigned-to
jdstrand
Package
Upstream: released (1.2.39beta05)
Ubuntu 8.04 LTS (Hardy Heron): released (1.2.15~beta5-3ubuntu0.5)
Ubuntu 10.04 LTS (Lucid Lynx): not-affected
Ubuntu 11.04 (Natty Narwhal): not-affected
Ubuntu 11.10 (Oneiric Ocelot): not-affected
Ubuntu 12.04 LTS (Precise Pangolin): not-affected
Patches:
Upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=9e88fcd58c8ce7f2183bc2045e5180cba0043f09#patch19

Updated: 2012-07-25 23:14:30 UTC (commit 5558)