CVE-2009-5063

Priority
Low
Description
Memory leak in the embedded_profile_len function in pngwutil.c in libpng
before 1.2.39beta5 allows context-dependent attackers to cause a denial of
service (memory leak or segmentation fault) via a JPEG image containing an
iCCP chunk with a negative embedded profile length. NOTE: this is due to
an incomplete fix for CVE-2006-7244.
References
Assigned-to
jdstrand
Package
Upstream:released (1.2.39beta05)
Ubuntu 12.04 LTS (Precise Pangolin):not-affected
Patches:
Upstream:http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=9e88fcd58c8ce7f2183bc2045e5180cba0043f09#patch19
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:37:33 UTC (commit 9756)