CVE-2009-5063

Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.
Configurations

Configuration 1

OR cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.2.39:-:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.2.39:beta1:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.2.39:beta2:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.2.39:beta3:*:*:*:*:*:*
cpe:2.3:a:libpng:libpng:1.2.39:beta4:*:*:*:*:*:*

History

21 Nov 2024, 01:11

| Type | Values Removed | Values Added |
| --- | --- | --- |
| References | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18 | http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18 |
| References | http://secunia.com/advisories/49660 - Broken Link | http://secunia.com/advisories/49660 - Broken Link |
| References | http://security.gentoo.org/glsa/glsa-201206-15.xml - Third Party Advisory | http://security.gentoo.org/glsa/glsa-201206-15.xml - Third Party Advisory |
| References | http://www.openwall.com/lists/oss-security/2011/03/22/7 - Mailing List, Patch, Third Party Advisory | http://www.openwall.com/lists/oss-security/2011/03/22/7 - Mailing List, Patch, Third Party Advisory |
| References | http://www.openwall.com/lists/oss-security/2011/03/28/6 - Mailing List, Patch, Third Party Advisory | http://www.openwall.com/lists/oss-security/2011/03/28/6 - Mailing List, Patch, Third Party Advisory |

Information

Published : 2011-08-31 23:55

Updated : 2024-11-21 01:11


NVD link : CVE-2009-5063

Mitre link : CVE-2009-5063

CVE.ORG link : CVE-2009-5063


Products Affected

libpng

  • libpng

CWE

CWE-401

Missing Release of Memory after Effective Lifetime