PT-2009-1092 · Libpng+1 · Libpng+1

Jeff Phillips

Published

2009-06-12

Updated

2017-08-17

CVE-2009-2042

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions libpng versions prior to 1.2.37

Description The issue is related to the improper parsing of 1-bit interlaced images with width values that are not divisible by 8. This can cause libpng to include uninitialized bits in certain rows of a PNG file, potentially allowing remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. The vulnerability may lead to a breach of confidentiality of protected information and can be exploited remotely.

Recommendations For libpng versions prior to 1.2.37, update to version 1.2.37 or later to resolve the issue.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2015-09396

CVE-2009-2042

DSA-2032-1

RHSA-2010:0534

RHSA-2010_0534

Affected Products

Red Hat

Libpng

PT-2009-1092 · Libpng+1 · Libpng+1

CVE-2009-2042

Weakness Enumeration

Related Identifiers

Affected Products

References · 39