CVE-2009-5063

Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18
http://secunia.com/advisories/49660	Broken Link
http://security.gentoo.org/glsa/glsa-201206-15.xml	Third Party Advisory
http://www.openwall.com/lists/oss-security/2011/03/22/7	Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2011/03/28/6	Mailing List Patch Third Party Advisory
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18
http://secunia.com/advisories/49660	Broken Link
http://security.gentoo.org/glsa/glsa-201206-15.xml	Third Party Advisory
http://www.openwall.com/lists/oss-security/2011/03/22/7	Mailing List Patch Third Party Advisory
http://www.openwall.com/lists/oss-security/2011/03/28/6	Mailing List Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:libpng:libpng::::::::
	cpe:2.3:a:libpng:libpng:1.2.39:-::::::
	cpe:2.3:a:libpng:libpng:1.2.39:beta1::::::
	cpe:2.3:a:libpng:libpng:1.2.39:beta2::::::
	cpe:2.3:a:libpng:libpng:1.2.39:beta3::::::
	cpe:2.3:a:libpng:libpng:1.2.39:beta4::::::

History

21 Nov 2024, 01:11

Type	Values Removed	Values Added
References	~~() http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18 -~~	() http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18 -
References	~~() http://secunia.com/advisories/49660 - Broken Link~~	() http://secunia.com/advisories/49660 - Broken Link
References	~~() http://security.gentoo.org/glsa/glsa-201206-15.xml - Third Party Advisory~~	() http://security.gentoo.org/glsa/glsa-201206-15.xml - Third Party Advisory
References	~~() http://www.openwall.com/lists/oss-security/2011/03/22/7 - Mailing List, Patch, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2011/03/22/7 - Mailing List, Patch, Third Party Advisory
References	~~() http://www.openwall.com/lists/oss-security/2011/03/28/6 - Mailing List, Patch, Third Party Advisory~~	() http://www.openwall.com/lists/oss-security/2011/03/28/6 - Mailing List, Patch, Third Party Advisory

07 Nov 2023, 02:04

Type	Values Removed	Values Added
References	{'url': 'http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18', 'name': 'http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18', 'tags': ['Third Party Advisory'], 'refsource': 'CONFIRM'}	() http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18 -

Information

Published : 2011-08-31 23:55

Updated : 2024-11-21 01:11

NVD link : CVE-2009-5063

Mitre link : CVE-2009-5063

CVE.ORG link : CVE-2009-5063

JSON object : View

Products Affected

libpng

libpng

CWE

CWE-401

Missing Release of Memory after Effective Lifetime

5.0 /10