CVE-2009-5063

Severity

50%

Complexity

99%

Confidentiality

48%

Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.

Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.

CVSS 2.0 Base Score 5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:P).

Overview

Type

libpng

First reported 13 years ago

2011-08-31 23:55:00

Last updated 12 years ago

2012-07-24 03:12:00

Affected Software

libpng 1.0.0

1.0.0

libpng 1.0.1

1.0.1

libpng 1.0.2

1.0.2

libpng 1.0.3

1.0.3

libpng 1.0.5

1.0.5

libpng 1.0.6

1.0.6

libpng 1.0.7

1.0.7

libpng 1.0.8

1.0.8

libpng 1.0.9

1.0.9

libpng 1.0.10

1.0.10

libpng 1.0.11

1.0.11

libpng 1.0.12

1.0.12

libpng 1.0.13

1.0.13

libpng 1.0.14

1.0.14

libpng 1.0.15

1.0.15

libpng 1.0.16

1.0.16

libpng 1.0.17

1.0.17

libpng 1.0.18

1.0.18

libpng 1.0.19

1.0.19

libpng 1.0.20

1.0.20

libpng 1.0.21

1.0.21

libpng 1.0.22

1.0.22

libpng 1.0.23

1.0.23

libpng 1.0.24

1.0.24

libpng 1.0.25

1.0.25

libpng 1.0.26

1.0.26

libpng 1.0.27

1.0.27

libpng 1.0.28

1.0.28

libpng 1.0.29

1.0.29

libpng 1.0.30

1.0.30

libpng 1.0.31

1.0.31

libpng 1.0.32

1.0.32

libpng 1.0.33

1.0.33

libpng 1.0.34

1.0.34

libpng 1.0.35

1.0.35

libpng 1.0.37

1.0.37

libpng 1.0.38

1.0.38

libpng 1.0.39

1.0.39

libpng 1.0.40

1.0.40

libpng 1.0.41

1.0.41

libpng 1.0.42

1.0.42

libpng 1.0.43

1.0.43

libpng 1.0.44

1.0.44

libpng 1.0.45

1.0.45

libpng 1.0.46

1.0.46

libpng 1.0.47

1.0.47

libpng 1.0.48

1.0.48

libpng 1.0.50

1.0.50

libpng 1.0.51

1.0.51

libpng 1.0.52

1.0.52

libpng 1.0.53

1.0.53

libpng 1.0.54

1.0.54

libpng 1.2.0

1.2.0

libpng 1.2.1

1.2.1

libpng 1.2.2

1.2.2

libpng 1.2.3

1.2.3

libpng 1.2.10

1.2.10

libpng 1.2.11

1.2.11

libpng 1.2.13

1.2.13

libpng 1.2.14

1.2.14

libpng 1.2.15

1.2.15

libpng 1.2.16

1.2.16

libpng 1.2.17

1.2.17

libpng 1.2.18

1.2.18

libpng 1.2.19

1.2.19

libpng 1.2.20

1.2.20

libpng 1.2.21

1.2.21

libpng 1.2.22

1.2.22

libpng 1.2.23

1.2.23

libpng 1.2.24

1.2.24

libpng 1.2.25

1.2.25

libpng 1.2.26

1.2.26

libpng 1.2.27

1.2.27

libpng 1.2.28

1.2.28

libpng 1.2.29

1.2.29

libpng 1.2.30

1.2.30

libpng 1.2.31

1.2.31

libpng 1.2.32

1.2.32

libpng 1.2.33

1.2.33

libpng 1.2.34

1.2.34

libpng 1.2.35

1.2.35

libpng 1.2.36

1.2.36

libpng 1.2.37

1.2.37

libpng 1.2.38

1.2.38

libpng 1.2.39

1.2.39

References

http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18

49660

GLSA-201206-15

[oss-security] 20110322 CVE Request: libpng memory leak

[oss-security] 20110328 Re: CVE Request: libpng memory leak

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.