CVE-2009-0040

libpng arbitrary free() flaw

Severity Score

6.8

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.

La libreria de referencia PNG (tambien conocida como libpng) anterior a v1.0.43, y v1.2.x anteriores a 1.2.35, utilizado en pngcrush y otras aplicaciones, lo que permite a atacantes dependientes de contexto producir una denegacion de servicio (caida de aplicacion) o posiblemente ejecutar codigo a traves de de un fichero PNG manipulado que inicia un puntero sin inicializar en (1) la funcion png_read_png, (2) manejador pCAL, o (3) instalacion de tablas de gamma de 16-bit.

*Credits: N/A

CVSS Scores

NISTv2 6.8

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2008-12-15 CVE Reserved
2009-02-22 CVE Published
2024-06-21 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-824: Access of Uninitialized Pointer

CAPEC

References (84)

URL	Tag	Source
http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt	Product
http://lists.vmware.com/pipermail/security-announce/2009/000062.html	Broken Link
http://secunia.com/advisories/34137	Broken Link
http://secunia.com/advisories/34140	Broken Link
http://secunia.com/advisories/34143	Broken Link
http://secunia.com/advisories/34145	Broken Link
http://secunia.com/advisories/34152	Broken Link
http://secunia.com/advisories/34210	Broken Link
http://secunia.com/advisories/34265	Broken Link
http://secunia.com/advisories/34272	Broken Link
http://secunia.com/advisories/34320	Broken Link
http://secunia.com/advisories/34324	Broken Link
http://secunia.com/advisories/34388	Broken Link
http://secunia.com/advisories/34462	Broken Link
http://secunia.com/advisories/34464	Broken Link
http://secunia.com/advisories/35074	Broken Link
http://secunia.com/advisories/35258	Broken Link
http://secunia.com/advisories/35302	Broken Link
http://secunia.com/advisories/35379	Broken Link
http://secunia.com/advisories/35386	Broken Link
http://secunia.com/advisories/36096	Broken Link
http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com	Broken Link
http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441	Broken Link
http://support.apple.com/kb/HT3549	Third Party Advisory
http://support.apple.com/kb/HT3613	Third Party Advisory
http://support.apple.com/kb/HT3639	Third Party Advisory
http://support.apple.com/kb/HT3757	Third Party Advisory
http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm	Broken Link
http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm	Broken Link
http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document	Broken Link
http://wiki.rpath.com/Advisories:rPSA-2009-0046	Broken Link
http://www.kb.cert.org/vuls/id/649212	Broken Link
http://www.securityfocus.com/archive/1/501767/100/0/threaded	Broken Link
http://www.securityfocus.com/archive/1/503912/100/0/threaded	Broken Link
http://www.securityfocus.com/archive/1/505990/100/0/threaded	Broken Link
http://www.securityfocus.com/bid/33827	Broken Link
http://www.securityfocus.com/bid/33990	Broken Link
http://www.us-cert.gov/cas/techalerts/TA09-133A.html	Third Party Advisory
http://www.us-cert.gov/cas/techalerts/TA09-218A.html	Third Party Advisory
http://www.vmware.com/security/advisories/VMSA-2009-0007.html	Third Party Advisory
http://www.vupen.com/english/advisories/2009/0469	Broken Link
http://www.vupen.com/english/advisories/2009/0473	Broken Link
http://www.vupen.com/english/advisories/2009/0632	Broken Link
http://www.vupen.com/english/advisories/2009/1297	Broken Link
http://www.vupen.com/english/advisories/2009/1451	Broken Link
http://www.vupen.com/english/advisories/2009/1462	Broken Link
http://www.vupen.com/english/advisories/2009/1522	Broken Link
http://www.vupen.com/english/advisories/2009/1560	Broken Link
http://www.vupen.com/english/advisories/2009/1621	Broken Link
http://www.vupen.com/english/advisories/2009/2172	Broken Link
https://exchange.xforce.ibmcloud.com/vulnerabilities/48819	Third Party Advisory
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316	Broken Link
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458	Broken Link

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt	2024-02-09
http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html	2024-02-09
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html	2024-02-09
http://lists.apple.com/archives/security-announce/2009/May/msg00002.html	2024-02-09
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	2024-02-09
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html	2024-02-09
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html	2024-02-09
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html	2024-02-09
http://secunia.com/advisories/33970	2024-02-09
http://secunia.com/advisories/33976	2024-02-09
http://security.gentoo.org/glsa/glsa-200903-28.xml	2024-02-09
http://security.gentoo.org/glsa/glsa-201209-25.xml	2024-02-09
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420	2024-02-09
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952	2024-02-09
http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1	2024-02-09
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1	2024-02-09
http://www.debian.org/security/2009/dsa-1750	2024-02-09
http://www.debian.org/security/2009/dsa-1830	2024-02-09
http://www.mandriva.com/security/advisories?name=MDVSA-2009:051	2024-02-09
http://www.mandriva.com/security/advisories?name=MDVSA-2009:075	2024-02-09
http://www.mandriva.com/security/advisories?name=MDVSA-2009:083	2024-02-09
http://www.redhat.com/support/errata/RHSA-2009-0315.html	2024-02-09
http://www.redhat.com/support/errata/RHSA-2009-0325.html	2024-02-09
http://www.redhat.com/support/errata/RHSA-2009-0333.html	2024-02-09
http://www.redhat.com/support/errata/RHSA-2009-0340.html	2024-02-09
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html	2024-02-09
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html	2024-02-09
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html	2024-02-09
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html	2024-02-09
https://access.redhat.com/security/cve/CVE-2009-0040	2009-03-04
https://bugzilla.redhat.com/show_bug.cgi?id=486355	2009-03-04

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Libpng Search vendor "Libpng"		Libpng Search vendor "Libpng" for product "Libpng"				< 1.0.43 Search vendor "Libpng" for product "Libpng" and version " < 1.0.43"		-		Affected
Libpng Search vendor "Libpng"		Libpng Search vendor "Libpng" for product "Libpng"				>= 1.2.0 < 1.2.35 Search vendor "Libpng" for product "Libpng" and version " >= 1.2.0 < 1.2.35"		-		Affected
Apple Search vendor "Apple"		Iphone Os Search vendor "Apple" for product "Iphone Os"				< 3.0 Search vendor "Apple" for product "Iphone Os" and version " < 3.0"		-		Affected
Apple Search vendor "Apple"		Mac Os X Search vendor "Apple" for product "Mac Os X"				< 10.5.8 Search vendor "Apple" for product "Mac Os X" and version " < 10.5.8"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				10.3 Search vendor "Opensuse" for product "Opensuse" and version "10.3"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				11.0 Search vendor "Opensuse" for product "Opensuse" and version "11.0"		-		Affected
Opensuse Search vendor "Opensuse"		Opensuse Search vendor "Opensuse" for product "Opensuse"				11.1 Search vendor "Opensuse" for product "Opensuse" and version "11.1"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Search vendor "Suse" for product "Linux Enterprise"				9.0 Search vendor "Suse" for product "Linux Enterprise" and version "9.0"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Search vendor "Suse" for product "Linux Enterprise"				10.0 Search vendor "Suse" for product "Linux Enterprise" and version "10.0"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Desktop Search vendor "Suse" for product "Linux Enterprise Desktop"				10 Search vendor "Suse" for product "Linux Enterprise Desktop" and version "10"		sp2		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				10 Search vendor "Suse" for product "Linux Enterprise Server" and version "10"		sp2		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				4.0 Search vendor "Debian" for product "Debian Linux" and version "4.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				5.0 Search vendor "Debian" for product "Debian Linux" and version "5.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				9 Search vendor "Fedoraproject" for product "Fedora" and version "9"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				10 Search vendor "Fedoraproject" for product "Fedora" and version "10"		-		Affected