libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2009-06-12 20:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-2042
Mitre link : CVE-2009-2042
CVE.ORG link : CVE-2009-2042
JSON object : View
Products Affected
libpng
- libpng
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor