PT-2011-1186 · Png Development · Libpng

Ludwig Nussel

Published

2011-08-31

Updated

2020-09-09

CVE-2009-5063

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions libpng versions prior to 1.5.10 libpng versions prior to 1.2.39beta5

Description The issue is related to a memory leak in the embedded profile len function in pngwutil.c, which can be exploited by context-dependent attackers to cause a denial of service, such as a memory leak or segmentation fault, via a JPEG image containing an iCCP chunk with a negative embedded profile length. Multiple vulnerabilities in the libpng package can lead to violations of confidentiality, integrity, and availability of protected information, and can be exploited remotely.

Recommendations For libpng versions prior to 1.2.39beta5, update to version 1.2.39beta5 or later. For libpng versions prior to 1.5.10, update to version 1.5.10 or later.

Fix

Memory Leak

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-401

Related Identifiers

AZL-41075

BDU:2015-09650

CVE-2009-5063

Affected Products

Libpng

PT-2011-1186 · Png Development · Libpng

CVE-2009-5063

Weakness Enumeration

Related Identifiers

Affected Products

References · 8