CVE-2009-5063

Name of the Vulnerable Software and Affected Versions libpng versions prior to 1.5.10 libpng versions prior to 1.2.39beta5

Description The issue is related to a memory leak in the embedded profile len function in pngwutil.c, which can be exploited by context-dependent attackers to cause a denial of service, such as a memory leak or segmentation fault, via a JPEG image containing an iCCP chunk with a negative embedded profile length. Multiple vulnerabilities in the libpng package can lead to violations of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For libpng versions prior to 1.2.39beta5, update to version 1.2.39beta5 or later. For libpng versions prior to 1.5.10, update to version 1.5.10 or later.