5

CVE-2009-5063

Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length.  NOTE: this is due to an incomplete fix for CVE-2006-7244.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LibpngLibpng Version <= 1.2.38
LibpngLibpng Version1.2.39 Update-
LibpngLibpng Version1.2.39 Updatebeta1
LibpngLibpng Version1.2.39 Updatebeta2
LibpngLibpng Version1.2.39 Updatebeta3
LibpngLibpng Version1.2.39 Updatebeta4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.5% 0.708
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-401 Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, making the memory unavailable for reallocation and reuse.

http://secunia.com/advisories/49660
Broken Link
http://security.gentoo.org/glsa/glsa-201206-15.xml
Third Party Advisory
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18
http://www.openwall.com/lists/oss-security/2011/03/22/7
Patch
Third Party Advisory
Mailing List
http://www.openwall.com/lists/oss-security/2011/03/28/6
Patch
Third Party Advisory
Mailing List