CVE-2009-0040: Access of Uninitialized Pointer in Libpng

Severity: 6.8 MEDIUM (NVD)
EPSS: 8.3% (top 7.75%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 22; Latest update May 3

Description

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.

CVSS vector

AV:N/AC:M/C:P/I:P/A:P
Exploitability: 8.6 | Impact: 6.4

Affected Packages (6 packages)

NVD | libpng/libpng | 1.2.0 | 1.2.35 | +1
NVD | apple/mac_os_x | < 10.5.8
NVD | apple/iphone_os | < 3.0
NVD | opensuse/opensuse | 10.3, 11.0, 11.1 | +2

Also affects: Debian Linux 4.0, 5.0, Fedora 10, 9, Linux Enterprise 10.0, 9.0

🔴 Vulnerability Details (2)

GHSA | GHSA-m968-rq7m-646j: The PNG reference library (aka libpng) before 1 | 2022-05-03
CVEList | CVE-2009-0040: The PNG reference library (aka libpng) before 1 | 2009-02-22

📋 Vendor Advisories (3)

Ubuntu | libpng vulnerabilities | 2009-03-06
Ubuntu | Firefox and Xulrunner vulnerabilities | 2009-03-05
Red Hat | libpng arbitrary free() flaw | 2009-02-19

💬 Community (1)

Bugzilla | CVE-2009-0040 libpng arbitrary free() flaw | 2009-02-19
CVE-2009-0040 — Access of Uninitialized Pointer | cvebase