CVE-2009-2042

Name of the Vulnerable Software and Affected Versions libpng versions prior to 1.2.37

Description The issue is related to the improper parsing of 1-bit interlaced images with width values that are not divisible by 8. This can cause libpng to include uninitialized bits in certain rows of a PNG file, potentially allowing remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. The vulnerability may lead to a breach of confidentiality of protected information and can be exploited remotely.

Recommendations For libpng versions prior to 1.2.37, update to version 1.2.37 or later to resolve the issue.