Vulnerability Note VU#649212
libpng fails to properly initialize element pointers
Libpng contains a vulnerability in the way element pointers are handled.
A vulnerability in the way libpng handles element pointers may result in uninitialized element pointers. This vulnerability is due to an off-by-one error introduced in multiple functions in libpng-0.89c. According to the PNG Development Group:
If the application runs out of memory during the loop, some of the element pointers will be uninitialized. Libpng will then longjmp to a cleanup process that attempts to free all of the elements in the array, including the uninitialized ones. This behavior could be forced by a malevolent input.
This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service.
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|libpng||Affected||-||02 Mar 2009|
|3com, Inc.||Unknown||05 Mar 2009||05 Mar 2009|
|ACCESS||Unknown||05 Mar 2009||05 Mar 2009|
|Alcatel-Lucent||Unknown||05 Mar 2009||05 Mar 2009|
|Apple Computer, Inc.||Unknown||05 Mar 2009||05 Mar 2009|
|AT&T||Unknown||05 Mar 2009||05 Mar 2009|
|Avaya, Inc.||Unknown||05 Mar 2009||05 Mar 2009|
|Barracuda Networks||Unknown||05 Mar 2009||05 Mar 2009|
|Belkin, Inc.||Unknown||05 Mar 2009||05 Mar 2009|
|Borderware Technologies||Unknown||05 Mar 2009||05 Mar 2009|
|Bro||Unknown||05 Mar 2009||05 Mar 2009|
|Charlotte's Web Networks||Unknown||05 Mar 2009||05 Mar 2009|
|Check Point Software Technologies||Unknown||05 Mar 2009||05 Mar 2009|
|Cisco Systems, Inc.||Unknown||05 Mar 2009||05 Mar 2009|
|Clavister||Unknown||05 Mar 2009||05 Mar 2009|
CVSS Metrics (Learn More)
This document was written by Chris Taschner.
- CVE IDs: CVE-2009-0040
- Date Public: 19 Feb 2009
- Date First Published: 02 Mar 2009
- Date Last Updated: 06 Mar 2009
- Severity Metric: 3.49
- Document Revision: 11
If you have feedback, comments, or additional information about this vulnerability, please send us email.