6.8

CVE-2009-0040

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibpngLibpng Version < 1.0.43
LibpngLibpng Version >= 1.2.0 < 1.2.35
AppleiPhone OS Version < 3.0
ApplemacOS X Version < 10.5.8
OpensuseOpensuse Version10.3
OpensuseOpensuse Version11.0
OpensuseOpensuse Version11.1
SuseLinux Enterprise Version9.0 Update-
SuseLinux Enterprise Version10.0 Update-
SuseLinux Enterprise Desktop Version10 Updatesp2
SuseLinux Enterprise Server Version10 Updatesp2
DebianDebian Linux Version4.0
DebianDebian Linux Version5.0
FedoraprojectFedora Version9
FedoraprojectFedora Version10
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.83% 0.908
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-824 Access of Uninitialized Pointer

The product accesses or uses a pointer that has not been initialized.

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html
Mailing List
http://secunia.com/advisories/35074
Broken Link
http://support.apple.com/kb/HT3549
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-133A.html
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2009/1297
Broken Link
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html
Broken Link
Mailing List
http://secunia.com/advisories/35379
Broken Link
http://support.apple.com/kb/HT3613
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1522
Broken Link
http://secunia.com/advisories/34388
Broken Link
http://www.debian.org/security/2009/dsa-1750
Mailing List
http://lists.vmware.com/pipermail/security-announce/2009/000062.html
Broken Link
http://www.securityfocus.com/archive/1/505990/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html
Mailing List
http://secunia.com/advisories/35302
Broken Link
http://secunia.com/advisories/35386
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1
Broken Link
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1
Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm
Broken Link
http://www.vupen.com/english/advisories/2009/1462
Broken Link
http://www.vupen.com/english/advisories/2009/1560
Broken Link
http://security.gentoo.org/glsa/glsa-201209-25.xml
Third Party Advisory
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html
Mailing List
http://secunia.com/advisories/36096
Broken Link
http://support.apple.com/kb/HT3757
Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-218A.html
Third Party Advisory
US Government Resource
http://www.vupen.com/english/advisories/2009/2172
Broken Link
http://secunia.com/advisories/34152
Broken Link
http://secunia.com/advisories/35258
Broken Link
http://www.redhat.com/support/errata/RHSA-2009-0333.html
Broken Link
http://www.securityfocus.com/archive/1/503912/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
http://www.vmware.com/security/advisories/VMSA-2009-0007.html
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1451
Broken Link
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html
Mailing List
http://support.apple.com/kb/HT3639
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1621
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:051
Broken Link
http://secunia.com/advisories/34320
Broken Link
http://security.gentoo.org/glsa/glsa-200903-28.xml
Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html
Mailing List
http://secunia.com/advisories/34324
Broken Link
http://secunia.com/advisories/34462
Broken Link
http://secunia.com/advisories/34464
Broken Link
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420
Mailing List
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952
Mailing List
http://www.debian.org/security/2009/dsa-1830
Mailing List
http://www.mandriva.com/security/advisories?name=MDVSA-2009:083
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html
Mailing List
http://secunia.com/advisories/34265
Broken Link
http://wiki.rpath.com/Advisories:rPSA-2009-0046
Broken Link
http://www.securityfocus.com/archive/1/501767/100/0/threaded
Third Party Advisory
Broken Link
VDB Entry
ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt
Vendor Advisory
Broken Link
http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt
Product
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html
Mailing List
http://secunia.com/advisories/33970
Vendor Advisory
Broken Link
http://secunia.com/advisories/33976
Vendor Advisory
Broken Link
http://secunia.com/advisories/34137
Broken Link
http://secunia.com/advisories/34140
Broken Link
http://secunia.com/advisories/34143
Broken Link
http://secunia.com/advisories/34145
Broken Link
http://secunia.com/advisories/34210
Broken Link
http://secunia.com/advisories/34272
Broken Link
http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com
Broken Link
http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441
Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm
Broken Link
http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document
Broken Link
http://www.kb.cert.org/vuls/id/649212
Third Party Advisory
US Government Resource
Broken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2009:075
Broken Link
http://www.redhat.com/support/errata/RHSA-2009-0315.html
Broken Link
http://www.redhat.com/support/errata/RHSA-2009-0325.html
Broken Link
http://www.redhat.com/support/errata/RHSA-2009-0340.html
Broken Link
http://www.securityfocus.com/bid/33827
Third Party Advisory
Broken Link
VDB Entry
http://www.securityfocus.com/bid/33990
Third Party Advisory
Broken Link
VDB Entry
http://www.vupen.com/english/advisories/2009/0469
Broken Link
http://www.vupen.com/english/advisories/2009/0473
Broken Link
http://www.vupen.com/english/advisories/2009/0632
Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/48819
Third Party Advisory
VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316
Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458
Broken Link
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html
Mailing List
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html
Mailing List