ID CVE-2009-0040
Summary The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Vulnerable Configurations
  • libpng 0.89c
    cpe:2.3:a:libpng:libpng:0.89c
  • libpng 0.95
    cpe:2.3:a:libpng:libpng:0.95
  • libpng 1.0.0
    cpe:2.3:a:libpng:libpng:1.0.0
  • libpng 1.0.1
    cpe:2.3:a:libpng:libpng:1.0.1
  • libpng 1.0.2
    cpe:2.3:a:libpng:libpng:1.0.2
  • libpng 1.0.3
    cpe:2.3:a:libpng:libpng:1.0.3
  • libpng 1.0.5
    cpe:2.3:a:libpng:libpng:1.0.5
  • libpng 1.0.6
    cpe:2.3:a:libpng:libpng:1.0.6
  • cpe:2.3:a:libpng:libpng:1.0.6:a
    cpe:2.3:a:libpng:libpng:1.0.6:a
  • cpe:2.3:a:libpng:libpng:1.0.6:d
    cpe:2.3:a:libpng:libpng:1.0.6:d
  • cpe:2.3:a:libpng:libpng:1.0.6:e
    cpe:2.3:a:libpng:libpng:1.0.6:e
  • cpe:2.3:a:libpng:libpng:1.0.6:f
    cpe:2.3:a:libpng:libpng:1.0.6:f
  • cpe:2.3:a:libpng:libpng:1.0.6:g
    cpe:2.3:a:libpng:libpng:1.0.6:g
  • cpe:2.3:a:libpng:libpng:1.0.6:h
    cpe:2.3:a:libpng:libpng:1.0.6:h
  • cpe:2.3:a:libpng:libpng:1.0.6:i
    cpe:2.3:a:libpng:libpng:1.0.6:i
  • cpe:2.3:a:libpng:libpng:1.0.6:j
    cpe:2.3:a:libpng:libpng:1.0.6:j
  • libpng 1.0.7
    cpe:2.3:a:libpng:libpng:1.0.7
  • cpe:2.3:a:libpng:libpng:1.0.7:beta11
    cpe:2.3:a:libpng:libpng:1.0.7:beta11
  • cpe:2.3:a:libpng:libpng:1.0.7:beta12
    cpe:2.3:a:libpng:libpng:1.0.7:beta12
  • cpe:2.3:a:libpng:libpng:1.0.7:beta13
    cpe:2.3:a:libpng:libpng:1.0.7:beta13
  • cpe:2.3:a:libpng:libpng:1.0.7:beta14
    cpe:2.3:a:libpng:libpng:1.0.7:beta14
  • cpe:2.3:a:libpng:libpng:1.0.7:beta15
    cpe:2.3:a:libpng:libpng:1.0.7:beta15
  • cpe:2.3:a:libpng:libpng:1.0.7:beta16
    cpe:2.3:a:libpng:libpng:1.0.7:beta16
  • cpe:2.3:a:libpng:libpng:1.0.7:beta17
    cpe:2.3:a:libpng:libpng:1.0.7:beta17
  • cpe:2.3:a:libpng:libpng:1.0.7:beta18
    cpe:2.3:a:libpng:libpng:1.0.7:beta18
  • cpe:2.3:a:libpng:libpng:1.0.7:rc1
    cpe:2.3:a:libpng:libpng:1.0.7:rc1
  • cpe:2.3:a:libpng:libpng:1.0.7:rc2
    cpe:2.3:a:libpng:libpng:1.0.7:rc2
  • libpng 1.0.8
    cpe:2.3:a:libpng:libpng:1.0.8
  • cpe:2.3:a:libpng:libpng:1.0.8:beta1
    cpe:2.3:a:libpng:libpng:1.0.8:beta1
  • cpe:2.3:a:libpng:libpng:1.0.8:beta2
    cpe:2.3:a:libpng:libpng:1.0.8:beta2
  • cpe:2.3:a:libpng:libpng:1.0.8:beta3
    cpe:2.3:a:libpng:libpng:1.0.8:beta3
  • cpe:2.3:a:libpng:libpng:1.0.8:beta4
    cpe:2.3:a:libpng:libpng:1.0.8:beta4
  • cpe:2.3:a:libpng:libpng:1.0.8:rc1
    cpe:2.3:a:libpng:libpng:1.0.8:rc1
  • libpng 1.0.9
    cpe:2.3:a:libpng:libpng:1.0.9
  • cpe:2.3:a:libpng:libpng:1.0.9:beta1
    cpe:2.3:a:libpng:libpng:1.0.9:beta1
  • cpe:2.3:a:libpng:libpng:1.0.9:beta10
    cpe:2.3:a:libpng:libpng:1.0.9:beta10
  • cpe:2.3:a:libpng:libpng:1.0.9:beta2
    cpe:2.3:a:libpng:libpng:1.0.9:beta2
  • cpe:2.3:a:libpng:libpng:1.0.9:beta3
    cpe:2.3:a:libpng:libpng:1.0.9:beta3
  • cpe:2.3:a:libpng:libpng:1.0.9:beta4
    cpe:2.3:a:libpng:libpng:1.0.9:beta4
  • cpe:2.3:a:libpng:libpng:1.0.9:beta5
    cpe:2.3:a:libpng:libpng:1.0.9:beta5
  • cpe:2.3:a:libpng:libpng:1.0.9:beta6
    cpe:2.3:a:libpng:libpng:1.0.9:beta6
  • cpe:2.3:a:libpng:libpng:1.0.9:beta7
    cpe:2.3:a:libpng:libpng:1.0.9:beta7
  • cpe:2.3:a:libpng:libpng:1.0.9:beta8
    cpe:2.3:a:libpng:libpng:1.0.9:beta8
  • cpe:2.3:a:libpng:libpng:1.0.9:beta9
    cpe:2.3:a:libpng:libpng:1.0.9:beta9
  • cpe:2.3:a:libpng:libpng:1.0.9:rc1
    cpe:2.3:a:libpng:libpng:1.0.9:rc1
  • cpe:2.3:a:libpng:libpng:1.0.9:rc2
    cpe:2.3:a:libpng:libpng:1.0.9:rc2
  • libpng 1.0.10
    cpe:2.3:a:libpng:libpng:1.0.10
  • cpe:2.3:a:libpng:libpng:1.0.10:beta1
    cpe:2.3:a:libpng:libpng:1.0.10:beta1
  • cpe:2.3:a:libpng:libpng:1.0.10:rc1
    cpe:2.3:a:libpng:libpng:1.0.10:rc1
  • libpng 1.0.11
    cpe:2.3:a:libpng:libpng:1.0.11
  • cpe:2.3:a:libpng:libpng:1.0.11:beta1
    cpe:2.3:a:libpng:libpng:1.0.11:beta1
  • cpe:2.3:a:libpng:libpng:1.0.11:beta2
    cpe:2.3:a:libpng:libpng:1.0.11:beta2
  • cpe:2.3:a:libpng:libpng:1.0.11:beta3
    cpe:2.3:a:libpng:libpng:1.0.11:beta3
  • cpe:2.3:a:libpng:libpng:1.0.11:rc1
    cpe:2.3:a:libpng:libpng:1.0.11:rc1
  • libpng 1.0.12
    cpe:2.3:a:libpng:libpng:1.0.12
  • cpe:2.3:a:libpng:libpng:1.0.12:beta1
    cpe:2.3:a:libpng:libpng:1.0.12:beta1
  • cpe:2.3:a:libpng:libpng:1.0.12:rc1
    cpe:2.3:a:libpng:libpng:1.0.12:rc1
  • libpng 1.0.13
    cpe:2.3:a:libpng:libpng:1.0.13
  • libpng 1.0.14
    cpe:2.3:a:libpng:libpng:1.0.14
  • libpng 1.0.15
    cpe:2.3:a:libpng:libpng:1.0.15
  • cpe:2.3:a:libpng:libpng:1.0.15:rc1
    cpe:2.3:a:libpng:libpng:1.0.15:rc1
  • cpe:2.3:a:libpng:libpng:1.0.15:rc2
    cpe:2.3:a:libpng:libpng:1.0.15:rc2
  • cpe:2.3:a:libpng:libpng:1.0.15:rc3
    cpe:2.3:a:libpng:libpng:1.0.15:rc3
  • libpng 1.0.16
    cpe:2.3:a:libpng:libpng:1.0.16
  • libpng 1.0.17
    cpe:2.3:a:libpng:libpng:1.0.17
  • cpe:2.3:a:libpng:libpng:1.0.17:rc1
    cpe:2.3:a:libpng:libpng:1.0.17:rc1
  • libpng 1.0.18
    cpe:2.3:a:libpng:libpng:1.0.18
  • libpng 1.0.19
    cpe:2.3:a:libpng:libpng:1.0.19
  • cpe:2.3:a:libpng:libpng:1.0.19:rc1
    cpe:2.3:a:libpng:libpng:1.0.19:rc1
  • cpe:2.3:a:libpng:libpng:1.0.19:rc2
    cpe:2.3:a:libpng:libpng:1.0.19:rc2
  • cpe:2.3:a:libpng:libpng:1.0.19:rc3
    cpe:2.3:a:libpng:libpng:1.0.19:rc3
  • cpe:2.3:a:libpng:libpng:1.0.19:rc5
    cpe:2.3:a:libpng:libpng:1.0.19:rc5
  • libpng 1.0.20
    cpe:2.3:a:libpng:libpng:1.0.20
  • libpng 1.0.21
    cpe:2.3:a:libpng:libpng:1.0.21
  • cpe:2.3:a:libpng:libpng:1.0.21:rc1
    cpe:2.3:a:libpng:libpng:1.0.21:rc1
  • cpe:2.3:a:libpng:libpng:1.0.21:rc2
    cpe:2.3:a:libpng:libpng:1.0.21:rc2
  • libpng 1.0.22
    cpe:2.3:a:libpng:libpng:1.0.22
  • cpe:2.3:a:libpng:libpng:1.0.22:rc1
    cpe:2.3:a:libpng:libpng:1.0.22:rc1
  • libpng 1.0.23
    cpe:2.3:a:libpng:libpng:1.0.23
  • cpe:2.3:a:libpng:libpng:1.0.23:rc1
    cpe:2.3:a:libpng:libpng:1.0.23:rc1
  • cpe:2.3:a:libpng:libpng:1.0.23:rc2
    cpe:2.3:a:libpng:libpng:1.0.23:rc2
  • cpe:2.3:a:libpng:libpng:1.0.23:rc3
    cpe:2.3:a:libpng:libpng:1.0.23:rc3
  • cpe:2.3:a:libpng:libpng:1.0.23:rc4
    cpe:2.3:a:libpng:libpng:1.0.23:rc4
  • cpe:2.3:a:libpng:libpng:1.0.23:rc5
    cpe:2.3:a:libpng:libpng:1.0.23:rc5
  • libpng 1.0.24
    cpe:2.3:a:libpng:libpng:1.0.24
  • cpe:2.3:a:libpng:libpng:1.0.24:rc1
    cpe:2.3:a:libpng:libpng:1.0.24:rc1
  • libpng 1.0.25
    cpe:2.3:a:libpng:libpng:1.0.25
  • cpe:2.3:a:libpng:libpng:1.0.25:rc1
    cpe:2.3:a:libpng:libpng:1.0.25:rc1
  • cpe:2.3:a:libpng:libpng:1.0.25:rc2
    cpe:2.3:a:libpng:libpng:1.0.25:rc2
  • libpng 1.0.26
    cpe:2.3:a:libpng:libpng:1.0.26
  • libpng 1.0.27
    cpe:2.3:a:libpng:libpng:1.0.27
  • cpe:2.3:a:libpng:libpng:1.0.27:rc1
    cpe:2.3:a:libpng:libpng:1.0.27:rc1
  • cpe:2.3:a:libpng:libpng:1.0.27:rc2
    cpe:2.3:a:libpng:libpng:1.0.27:rc2
  • cpe:2.3:a:libpng:libpng:1.0.27:rc3
    cpe:2.3:a:libpng:libpng:1.0.27:rc3
  • cpe:2.3:a:libpng:libpng:1.0.27:rc4
    cpe:2.3:a:libpng:libpng:1.0.27:rc4
  • cpe:2.3:a:libpng:libpng:1.0.27:rc5
    cpe:2.3:a:libpng:libpng:1.0.27:rc5
  • cpe:2.3:a:libpng:libpng:1.0.27:rc6
    cpe:2.3:a:libpng:libpng:1.0.27:rc6
  • libpng 1.0.28
    cpe:2.3:a:libpng:libpng:1.0.28
  • cpe:2.3:a:libpng:libpng:1.0.28:rc2
    cpe:2.3:a:libpng:libpng:1.0.28:rc2
  • cpe:2.3:a:libpng:libpng:1.0.28:rc3
    cpe:2.3:a:libpng:libpng:1.0.28:rc3
  • cpe:2.3:a:libpng:libpng:1.0.28:rc4
    cpe:2.3:a:libpng:libpng:1.0.28:rc4
  • cpe:2.3:a:libpng:libpng:1.0.28:rc5
    cpe:2.3:a:libpng:libpng:1.0.28:rc5
  • cpe:2.3:a:libpng:libpng:1.0.28:rc6
    cpe:2.3:a:libpng:libpng:1.0.28:rc6
  • libpng 1.0.29
    cpe:2.3:a:libpng:libpng:1.0.29
  • cpe:2.3:a:libpng:libpng:1.0.29:beta1
    cpe:2.3:a:libpng:libpng:1.0.29:beta1
  • cpe:2.3:a:libpng:libpng:1.0.29:rc1
    cpe:2.3:a:libpng:libpng:1.0.29:rc1
  • cpe:2.3:a:libpng:libpng:1.0.29:rc2
    cpe:2.3:a:libpng:libpng:1.0.29:rc2
  • cpe:2.3:a:libpng:libpng:1.0.29:rc3
    cpe:2.3:a:libpng:libpng:1.0.29:rc3
  • libpng 1.0.30
    cpe:2.3:a:libpng:libpng:1.0.30
  • libpng 1.0.31
    cpe:2.3:a:libpng:libpng:1.0.31
  • libpng 1.0.32
    cpe:2.3:a:libpng:libpng:1.0.32
  • libpng 1.0.33
    cpe:2.3:a:libpng:libpng:1.0.33
  • libpng 1.0.34
    cpe:2.3:a:libpng:libpng:1.0.34
  • libpng 1.0.35
    cpe:2.3:a:libpng:libpng:1.0.35
  • libpng 1.0.37
    cpe:2.3:a:libpng:libpng:1.0.37
  • libpng 1.0.38
    cpe:2.3:a:libpng:libpng:1.0.38
  • libpng 1.0.39
    cpe:2.3:a:libpng:libpng:1.0.39
  • libpng 1.0.40
    cpe:2.3:a:libpng:libpng:1.0.40
  • libpng 1.0.41
    cpe:2.3:a:libpng:libpng:1.0.41
  • libpng 1.0.42
    cpe:2.3:a:libpng:libpng:1.0.42
  • libpng 1.2.0
    cpe:2.3:a:libpng:libpng:1.2.0
  • cpe:2.3:a:libpng:libpng:1.2.0:beta1
    cpe:2.3:a:libpng:libpng:1.2.0:beta1
  • cpe:2.3:a:libpng:libpng:1.2.0:beta2
    cpe:2.3:a:libpng:libpng:1.2.0:beta2
  • cpe:2.3:a:libpng:libpng:1.2.0:beta3
    cpe:2.3:a:libpng:libpng:1.2.0:beta3
  • cpe:2.3:a:libpng:libpng:1.2.0:beta4
    cpe:2.3:a:libpng:libpng:1.2.0:beta4
  • cpe:2.3:a:libpng:libpng:1.2.0:beta5
    cpe:2.3:a:libpng:libpng:1.2.0:beta5
  • cpe:2.3:a:libpng:libpng:1.2.0:rc1
    cpe:2.3:a:libpng:libpng:1.2.0:rc1
  • libpng 1.2.1
    cpe:2.3:a:libpng:libpng:1.2.1
  • cpe:2.3:a:libpng:libpng:1.2.1:beta1
    cpe:2.3:a:libpng:libpng:1.2.1:beta1
  • cpe:2.3:a:libpng:libpng:1.2.1:beta2
    cpe:2.3:a:libpng:libpng:1.2.1:beta2
  • cpe:2.3:a:libpng:libpng:1.2.1:beta3
    cpe:2.3:a:libpng:libpng:1.2.1:beta3
  • cpe:2.3:a:libpng:libpng:1.2.1:beta4
    cpe:2.3:a:libpng:libpng:1.2.1:beta4
  • cpe:2.3:a:libpng:libpng:1.2.1:rc1
    cpe:2.3:a:libpng:libpng:1.2.1:rc1
  • cpe:2.3:a:libpng:libpng:1.2.1:rc2
    cpe:2.3:a:libpng:libpng:1.2.1:rc2
  • libpng 1.2.2
    cpe:2.3:a:libpng:libpng:1.2.2
  • cpe:2.3:a:libpng:libpng:1.2.2:beta1
    cpe:2.3:a:libpng:libpng:1.2.2:beta1
  • cpe:2.3:a:libpng:libpng:1.2.2:beta2
    cpe:2.3:a:libpng:libpng:1.2.2:beta2
  • cpe:2.3:a:libpng:libpng:1.2.2:beta3
    cpe:2.3:a:libpng:libpng:1.2.2:beta3
  • cpe:2.3:a:libpng:libpng:1.2.2:beta4
    cpe:2.3:a:libpng:libpng:1.2.2:beta4
  • cpe:2.3:a:libpng:libpng:1.2.2:beta5
    cpe:2.3:a:libpng:libpng:1.2.2:beta5
  • cpe:2.3:a:libpng:libpng:1.2.2:beta6
    cpe:2.3:a:libpng:libpng:1.2.2:beta6
  • cpe:2.3:a:libpng:libpng:1.2.2:rc1
    cpe:2.3:a:libpng:libpng:1.2.2:rc1
  • libpng 1.2.3
    cpe:2.3:a:libpng:libpng:1.2.3
  • cpe:2.3:a:libpng:libpng:1.2.3:rc1
    cpe:2.3:a:libpng:libpng:1.2.3:rc1
  • cpe:2.3:a:libpng:libpng:1.2.3:rc2
    cpe:2.3:a:libpng:libpng:1.2.3:rc2
  • cpe:2.3:a:libpng:libpng:1.2.3:rc3
    cpe:2.3:a:libpng:libpng:1.2.3:rc3
  • cpe:2.3:a:libpng:libpng:1.2.3:rc4
    cpe:2.3:a:libpng:libpng:1.2.3:rc4
  • cpe:2.3:a:libpng:libpng:1.2.3:rc5
    cpe:2.3:a:libpng:libpng:1.2.3:rc5
  • cpe:2.3:a:libpng:libpng:1.2.3:rc6
    cpe:2.3:a:libpng:libpng:1.2.3:rc6
  • libpng 1.2.4
    cpe:2.3:a:libpng:libpng:1.2.4
  • cpe:2.3:a:libpng:libpng:1.2.4:beta1
    cpe:2.3:a:libpng:libpng:1.2.4:beta1
  • cpe:2.3:a:libpng:libpng:1.2.4:beta2
    cpe:2.3:a:libpng:libpng:1.2.4:beta2
  • cpe:2.3:a:libpng:libpng:1.2.4:beta3
    cpe:2.3:a:libpng:libpng:1.2.4:beta3
  • cpe:2.3:a:libpng:libpng:1.2.4:rc1
    cpe:2.3:a:libpng:libpng:1.2.4:rc1
  • libpng 1.2.5
    cpe:2.3:a:libpng:libpng:1.2.5
  • cpe:2.3:a:libpng:libpng:1.2.5:beta1
    cpe:2.3:a:libpng:libpng:1.2.5:beta1
  • cpe:2.3:a:libpng:libpng:1.2.5:beta2
    cpe:2.3:a:libpng:libpng:1.2.5:beta2
  • cpe:2.3:a:libpng:libpng:1.2.5:beta3
    cpe:2.3:a:libpng:libpng:1.2.5:beta3
  • cpe:2.3:a:libpng:libpng:1.2.5:rc1
    cpe:2.3:a:libpng:libpng:1.2.5:rc1
  • cpe:2.3:a:libpng:libpng:1.2.5:rc2
    cpe:2.3:a:libpng:libpng:1.2.5:rc2
  • cpe:2.3:a:libpng:libpng:1.2.5:rc3
    cpe:2.3:a:libpng:libpng:1.2.5:rc3
  • libpng 1.2.6
    cpe:2.3:a:libpng:libpng:1.2.6
  • cpe:2.3:a:libpng:libpng:1.2.6:beta1
    cpe:2.3:a:libpng:libpng:1.2.6:beta1
  • cpe:2.3:a:libpng:libpng:1.2.6:beta2
    cpe:2.3:a:libpng:libpng:1.2.6:beta2
  • cpe:2.3:a:libpng:libpng:1.2.6:beta3
    cpe:2.3:a:libpng:libpng:1.2.6:beta3
  • cpe:2.3:a:libpng:libpng:1.2.6:beta4
    cpe:2.3:a:libpng:libpng:1.2.6:beta4
  • cpe:2.3:a:libpng:libpng:1.2.6:rc1
    cpe:2.3:a:libpng:libpng:1.2.6:rc1
  • cpe:2.3:a:libpng:libpng:1.2.6:rc2
    cpe:2.3:a:libpng:libpng:1.2.6:rc2
  • cpe:2.3:a:libpng:libpng:1.2.6:rc3
    cpe:2.3:a:libpng:libpng:1.2.6:rc3
  • cpe:2.3:a:libpng:libpng:1.2.6:rc4
    cpe:2.3:a:libpng:libpng:1.2.6:rc4
  • cpe:2.3:a:libpng:libpng:1.2.6:rc5
    cpe:2.3:a:libpng:libpng:1.2.6:rc5
  • libpng 1.2.7
    cpe:2.3:a:libpng:libpng:1.2.7
  • cpe:2.3:a:libpng:libpng:1.2.7:beta1
    cpe:2.3:a:libpng:libpng:1.2.7:beta1
  • cpe:2.3:a:libpng:libpng:1.2.7:beta2
    cpe:2.3:a:libpng:libpng:1.2.7:beta2
  • libpng 1.2.8
    cpe:2.3:a:libpng:libpng:1.2.8
  • cpe:2.3:a:libpng:libpng:1.2.8:beta1
    cpe:2.3:a:libpng:libpng:1.2.8:beta1
  • cpe:2.3:a:libpng:libpng:1.2.8:beta2
    cpe:2.3:a:libpng:libpng:1.2.8:beta2
  • cpe:2.3:a:libpng:libpng:1.2.8:beta3
    cpe:2.3:a:libpng:libpng:1.2.8:beta3
  • cpe:2.3:a:libpng:libpng:1.2.8:beta4
    cpe:2.3:a:libpng:libpng:1.2.8:beta4
  • cpe:2.3:a:libpng:libpng:1.2.8:beta5
    cpe:2.3:a:libpng:libpng:1.2.8:beta5
  • cpe:2.3:a:libpng:libpng:1.2.8:rc1
    cpe:2.3:a:libpng:libpng:1.2.8:rc1
  • cpe:2.3:a:libpng:libpng:1.2.8:rc2
    cpe:2.3:a:libpng:libpng:1.2.8:rc2
  • cpe:2.3:a:libpng:libpng:1.2.8:rc3
    cpe:2.3:a:libpng:libpng:1.2.8:rc3
  • cpe:2.3:a:libpng:libpng:1.2.8:rc4
    cpe:2.3:a:libpng:libpng:1.2.8:rc4
  • cpe:2.3:a:libpng:libpng:1.2.8:rc5
    cpe:2.3:a:libpng:libpng:1.2.8:rc5
  • libpng 1.2.9
    cpe:2.3:a:libpng:libpng:1.2.9
  • cpe:2.3:a:libpng:libpng:1.2.9:beta1
    cpe:2.3:a:libpng:libpng:1.2.9:beta1
  • cpe:2.3:a:libpng:libpng:1.2.9:beta10
    cpe:2.3:a:libpng:libpng:1.2.9:beta10
  • cpe:2.3:a:libpng:libpng:1.2.9:beta2
    cpe:2.3:a:libpng:libpng:1.2.9:beta2
  • cpe:2.3:a:libpng:libpng:1.2.9:beta3
    cpe:2.3:a:libpng:libpng:1.2.9:beta3
  • cpe:2.3:a:libpng:libpng:1.2.9:beta4
    cpe:2.3:a:libpng:libpng:1.2.9:beta4
  • cpe:2.3:a:libpng:libpng:1.2.9:beta5
    cpe:2.3:a:libpng:libpng:1.2.9:beta5
  • cpe:2.3:a:libpng:libpng:1.2.9:beta6
    cpe:2.3:a:libpng:libpng:1.2.9:beta6
  • cpe:2.3:a:libpng:libpng:1.2.9:beta7
    cpe:2.3:a:libpng:libpng:1.2.9:beta7
  • cpe:2.3:a:libpng:libpng:1.2.9:beta8
    cpe:2.3:a:libpng:libpng:1.2.9:beta8
  • cpe:2.3:a:libpng:libpng:1.2.9:beta9
    cpe:2.3:a:libpng:libpng:1.2.9:beta9
  • cpe:2.3:a:libpng:libpng:1.2.9:rc1
    cpe:2.3:a:libpng:libpng:1.2.9:rc1
  • libpng 1.2.10
    cpe:2.3:a:libpng:libpng:1.2.10
  • cpe:2.3:a:libpng:libpng:1.2.10:beta1
    cpe:2.3:a:libpng:libpng:1.2.10:beta1
  • cpe:2.3:a:libpng:libpng:1.2.10:beta2
    cpe:2.3:a:libpng:libpng:1.2.10:beta2
  • cpe:2.3:a:libpng:libpng:1.2.10:beta3
    cpe:2.3:a:libpng:libpng:1.2.10:beta3
  • cpe:2.3:a:libpng:libpng:1.2.10:beta4
    cpe:2.3:a:libpng:libpng:1.2.10:beta4
  • cpe:2.3:a:libpng:libpng:1.2.10:beta5
    cpe:2.3:a:libpng:libpng:1.2.10:beta5
  • cpe:2.3:a:libpng:libpng:1.2.10:beta6
    cpe:2.3:a:libpng:libpng:1.2.10:beta6
  • cpe:2.3:a:libpng:libpng:1.2.10:beta7
    cpe:2.3:a:libpng:libpng:1.2.10:beta7
  • cpe:2.3:a:libpng:libpng:1.2.10:rc1
    cpe:2.3:a:libpng:libpng:1.2.10:rc1
  • cpe:2.3:a:libpng:libpng:1.2.10:rc2
    cpe:2.3:a:libpng:libpng:1.2.10:rc2
  • cpe:2.3:a:libpng:libpng:1.2.10:rc3
    cpe:2.3:a:libpng:libpng:1.2.10:rc3
  • libpng 1.2.11
    cpe:2.3:a:libpng:libpng:1.2.11
  • cpe:2.3:a:libpng:libpng:1.2.11:beta1
    cpe:2.3:a:libpng:libpng:1.2.11:beta1
  • cpe:2.3:a:libpng:libpng:1.2.11:beta2
    cpe:2.3:a:libpng:libpng:1.2.11:beta2
  • cpe:2.3:a:libpng:libpng:1.2.11:beta3
    cpe:2.3:a:libpng:libpng:1.2.11:beta3
  • cpe:2.3:a:libpng:libpng:1.2.11:beta4
    cpe:2.3:a:libpng:libpng:1.2.11:beta4
  • cpe:2.3:a:libpng:libpng:1.2.11:rc1
    cpe:2.3:a:libpng:libpng:1.2.11:rc1
  • cpe:2.3:a:libpng:libpng:1.2.11:rc2
    cpe:2.3:a:libpng:libpng:1.2.11:rc2
  • cpe:2.3:a:libpng:libpng:1.2.11:rc3
    cpe:2.3:a:libpng:libpng:1.2.11:rc3
  • cpe:2.3:a:libpng:libpng:1.2.11:rc5
    cpe:2.3:a:libpng:libpng:1.2.11:rc5
  • libpng 1.2.13
    cpe:2.3:a:libpng:libpng:1.2.13
  • cpe:2.3:a:libpng:libpng:1.2.13:beta1
    cpe:2.3:a:libpng:libpng:1.2.13:beta1
  • cpe:2.3:a:libpng:libpng:1.2.13:rc1
    cpe:2.3:a:libpng:libpng:1.2.13:rc1
  • cpe:2.3:a:libpng:libpng:1.2.13:rc2
    cpe:2.3:a:libpng:libpng:1.2.13:rc2
  • libpng 1.2.14
    cpe:2.3:a:libpng:libpng:1.2.14
  • cpe:2.3:a:libpng:libpng:1.2.14:beta1
    cpe:2.3:a:libpng:libpng:1.2.14:beta1
  • cpe:2.3:a:libpng:libpng:1.2.14:beta2
    cpe:2.3:a:libpng:libpng:1.2.14:beta2
  • cpe:2.3:a:libpng:libpng:1.2.14:rc1
    cpe:2.3:a:libpng:libpng:1.2.14:rc1
  • libpng 1.2.15
    cpe:2.3:a:libpng:libpng:1.2.15
  • cpe:2.3:a:libpng:libpng:1.2.15:beta1
    cpe:2.3:a:libpng:libpng:1.2.15:beta1
  • cpe:2.3:a:libpng:libpng:1.2.15:beta2
    cpe:2.3:a:libpng:libpng:1.2.15:beta2
  • cpe:2.3:a:libpng:libpng:1.2.15:beta3
    cpe:2.3:a:libpng:libpng:1.2.15:beta3
  • cpe:2.3:a:libpng:libpng:1.2.15:beta4
    cpe:2.3:a:libpng:libpng:1.2.15:beta4
  • cpe:2.3:a:libpng:libpng:1.2.15:beta5
    cpe:2.3:a:libpng:libpng:1.2.15:beta5
  • cpe:2.3:a:libpng:libpng:1.2.15:beta6
    cpe:2.3:a:libpng:libpng:1.2.15:beta6
  • cpe:2.3:a:libpng:libpng:1.2.15:rc1
    cpe:2.3:a:libpng:libpng:1.2.15:rc1
  • cpe:2.3:a:libpng:libpng:1.2.15:rc2
    cpe:2.3:a:libpng:libpng:1.2.15:rc2
  • cpe:2.3:a:libpng:libpng:1.2.15:rc3
    cpe:2.3:a:libpng:libpng:1.2.15:rc3
  • cpe:2.3:a:libpng:libpng:1.2.15:rc4
    cpe:2.3:a:libpng:libpng:1.2.15:rc4
  • cpe:2.3:a:libpng:libpng:1.2.15:rc5
    cpe:2.3:a:libpng:libpng:1.2.15:rc5
  • libpng 1.2.16
    cpe:2.3:a:libpng:libpng:1.2.16
  • cpe:2.3:a:libpng:libpng:1.2.16:beta1
    cpe:2.3:a:libpng:libpng:1.2.16:beta1
  • cpe:2.3:a:libpng:libpng:1.2.16:beta2
    cpe:2.3:a:libpng:libpng:1.2.16:beta2
  • cpe:2.3:a:libpng:libpng:1.2.16:rc1
    cpe:2.3:a:libpng:libpng:1.2.16:rc1
  • libpng 1.2.17
    cpe:2.3:a:libpng:libpng:1.2.17
  • cpe:2.3:a:libpng:libpng:1.2.17:beta1
    cpe:2.3:a:libpng:libpng:1.2.17:beta1
  • cpe:2.3:a:libpng:libpng:1.2.17:beta2
    cpe:2.3:a:libpng:libpng:1.2.17:beta2
  • cpe:2.3:a:libpng:libpng:1.2.17:rc1
    cpe:2.3:a:libpng:libpng:1.2.17:rc1
  • cpe:2.3:a:libpng:libpng:1.2.17:rc2
    cpe:2.3:a:libpng:libpng:1.2.17:rc2
  • cpe:2.3:a:libpng:libpng:1.2.17:rc3
    cpe:2.3:a:libpng:libpng:1.2.17:rc3
  • cpe:2.3:a:libpng:libpng:1.2.17:rc4
    cpe:2.3:a:libpng:libpng:1.2.17:rc4
  • libpng 1.2.18
    cpe:2.3:a:libpng:libpng:1.2.18
  • libpng 1.2.19
    cpe:2.3:a:libpng:libpng:1.2.19
  • cpe:2.3:a:libpng:libpng:1.2.19:beta1
    cpe:2.3:a:libpng:libpng:1.2.19:beta1
  • cpe:2.3:a:libpng:libpng:1.2.19:beta10
    cpe:2.3:a:libpng:libpng:1.2.19:beta10
  • cpe:2.3:a:libpng:libpng:1.2.19:beta11
    cpe:2.3:a:libpng:libpng:1.2.19:beta11
  • cpe:2.3:a:libpng:libpng:1.2.19:beta12
    cpe:2.3:a:libpng:libpng:1.2.19:beta12
  • cpe:2.3:a:libpng:libpng:1.2.19:beta13
    cpe:2.3:a:libpng:libpng:1.2.19:beta13
  • cpe:2.3:a:libpng:libpng:1.2.19:beta14
    cpe:2.3:a:libpng:libpng:1.2.19:beta14
  • cpe:2.3:a:libpng:libpng:1.2.19:beta15
    cpe:2.3:a:libpng:libpng:1.2.19:beta15
  • cpe:2.3:a:libpng:libpng:1.2.19:beta16
    cpe:2.3:a:libpng:libpng:1.2.19:beta16
  • cpe:2.3:a:libpng:libpng:1.2.19:beta17
    cpe:2.3:a:libpng:libpng:1.2.19:beta17
  • cpe:2.3:a:libpng:libpng:1.2.19:beta18
    cpe:2.3:a:libpng:libpng:1.2.19:beta18
  • cpe:2.3:a:libpng:libpng:1.2.19:beta19
    cpe:2.3:a:libpng:libpng:1.2.19:beta19
  • cpe:2.3:a:libpng:libpng:1.2.19:beta2
    cpe:2.3:a:libpng:libpng:1.2.19:beta2
  • cpe:2.3:a:libpng:libpng:1.2.19:beta20
    cpe:2.3:a:libpng:libpng:1.2.19:beta20
  • cpe:2.3:a:libpng:libpng:1.2.19:beta21
    cpe:2.3:a:libpng:libpng:1.2.19:beta21
  • cpe:2.3:a:libpng:libpng:1.2.19:beta22
    cpe:2.3:a:libpng:libpng:1.2.19:beta22
  • cpe:2.3:a:libpng:libpng:1.2.19:beta23
    cpe:2.3:a:libpng:libpng:1.2.19:beta23
  • cpe:2.3:a:libpng:libpng:1.2.19:beta24
    cpe:2.3:a:libpng:libpng:1.2.19:beta24
  • cpe:2.3:a:libpng:libpng:1.2.19:beta25
    cpe:2.3:a:libpng:libpng:1.2.19:beta25
  • cpe:2.3:a:libpng:libpng:1.2.19:beta26
    cpe:2.3:a:libpng:libpng:1.2.19:beta26
  • cpe:2.3:a:libpng:libpng:1.2.19:beta27
    cpe:2.3:a:libpng:libpng:1.2.19:beta27
  • cpe:2.3:a:libpng:libpng:1.2.19:beta28
    cpe:2.3:a:libpng:libpng:1.2.19:beta28
  • cpe:2.3:a:libpng:libpng:1.2.19:beta29
    cpe:2.3:a:libpng:libpng:1.2.19:beta29
  • cpe:2.3:a:libpng:libpng:1.2.19:beta3
    cpe:2.3:a:libpng:libpng:1.2.19:beta3
  • cpe:2.3:a:libpng:libpng:1.2.19:beta30
    cpe:2.3:a:libpng:libpng:1.2.19:beta30
  • cpe:2.3:a:libpng:libpng:1.2.19:beta31
    cpe:2.3:a:libpng:libpng:1.2.19:beta31
  • cpe:2.3:a:libpng:libpng:1.2.19:beta32
    cpe:2.3:a:libpng:libpng:1.2.19:beta32
  • cpe:2.3:a:libpng:libpng:1.2.19:beta33
    cpe:2.3:a:libpng:libpng:1.2.19:beta33
  • cpe:2.3:a:libpng:libpng:1.2.19:beta4
    cpe:2.3:a:libpng:libpng:1.2.19:beta4
  • cpe:2.3:a:libpng:libpng:1.2.19:beta5
    cpe:2.3:a:libpng:libpng:1.2.19:beta5
  • cpe:2.3:a:libpng:libpng:1.2.19:beta6
    cpe:2.3:a:libpng:libpng:1.2.19:beta6
  • cpe:2.3:a:libpng:libpng:1.2.19:beta7
    cpe:2.3:a:libpng:libpng:1.2.19:beta7
  • cpe:2.3:a:libpng:libpng:1.2.19:beta8
    cpe:2.3:a:libpng:libpng:1.2.19:beta8
  • cpe:2.3:a:libpng:libpng:1.2.19:beta9
    cpe:2.3:a:libpng:libpng:1.2.19:beta9
  • cpe:2.3:a:libpng:libpng:1.2.19:rc1
    cpe:2.3:a:libpng:libpng:1.2.19:rc1
  • cpe:2.3:a:libpng:libpng:1.2.19:rc2
    cpe:2.3:a:libpng:libpng:1.2.19:rc2
  • cpe:2.3:a:libpng:libpng:1.2.19:rc3
    cpe:2.3:a:libpng:libpng:1.2.19:rc3
  • cpe:2.3:a:libpng:libpng:1.2.19:rc4
    cpe:2.3:a:libpng:libpng:1.2.19:rc4
  • cpe:2.3:a:libpng:libpng:1.2.19:rc5
    cpe:2.3:a:libpng:libpng:1.2.19:rc5
  • cpe:2.3:a:libpng:libpng:1.2.19:rc6
    cpe:2.3:a:libpng:libpng:1.2.19:rc6
  • libpng 1.2.20
    cpe:2.3:a:libpng:libpng:1.2.20
  • cpe:2.3:a:libpng:libpng:1.2.20:rc1
    cpe:2.3:a:libpng:libpng:1.2.20:rc1
  • cpe:2.3:a:libpng:libpng:1.2.20:rc2
    cpe:2.3:a:libpng:libpng:1.2.20:rc2
  • cpe:2.3:a:libpng:libpng:1.2.20:rc3
    cpe:2.3:a:libpng:libpng:1.2.20:rc3
  • cpe:2.3:a:libpng:libpng:1.2.20:rc4
    cpe:2.3:a:libpng:libpng:1.2.20:rc4
  • cpe:2.3:a:libpng:libpng:1.2.20:rc5
    cpe:2.3:a:libpng:libpng:1.2.20:rc5
  • cpe:2.3:a:libpng:libpng:1.2.20:rc6
    cpe:2.3:a:libpng:libpng:1.2.20:rc6
  • libpng 1.2.21
    cpe:2.3:a:libpng:libpng:1.2.21
  • cpe:2.3:a:libpng:libpng:1.2.21:beta1
    cpe:2.3:a:libpng:libpng:1.2.21:beta1
  • cpe:2.3:a:libpng:libpng:1.2.21:beta2
    cpe:2.3:a:libpng:libpng:1.2.21:beta2
  • cpe:2.3:a:libpng:libpng:1.2.21:rc1
    cpe:2.3:a:libpng:libpng:1.2.21:rc1
  • cpe:2.3:a:libpng:libpng:1.2.21:rc2
    cpe:2.3:a:libpng:libpng:1.2.21:rc2
  • cpe:2.3:a:libpng:libpng:1.2.21:rc3
    cpe:2.3:a:libpng:libpng:1.2.21:rc3
  • libpng 1.2.22
    cpe:2.3:a:libpng:libpng:1.2.22
  • cpe:2.3:a:libpng:libpng:1.2.22:beta1
    cpe:2.3:a:libpng:libpng:1.2.22:beta1
  • cpe:2.3:a:libpng:libpng:1.2.22:beta2
    cpe:2.3:a:libpng:libpng:1.2.22:beta2
  • cpe:2.3:a:libpng:libpng:1.2.22:beta3
    cpe:2.3:a:libpng:libpng:1.2.22:beta3
  • cpe:2.3:a:libpng:libpng:1.2.22:beta4
    cpe:2.3:a:libpng:libpng:1.2.22:beta4
  • cpe:2.3:a:libpng:libpng:1.2.22:rc1
    cpe:2.3:a:libpng:libpng:1.2.22:rc1
  • libpng 1.2.23
    cpe:2.3:a:libpng:libpng:1.2.23
  • libpng 1.2.24
    cpe:2.3:a:libpng:libpng:1.2.24
  • libpng 1.2.25
    cpe:2.3:a:libpng:libpng:1.2.25
  • cpe:2.3:a:libpng:libpng:1.2.25:beta03
    cpe:2.3:a:libpng:libpng:1.2.25:beta03
  • cpe:2.3:a:libpng:libpng:1.2.25:beta04
    cpe:2.3:a:libpng:libpng:1.2.25:beta04
  • cpe:2.3:a:libpng:libpng:1.2.25:beta05
    cpe:2.3:a:libpng:libpng:1.2.25:beta05
  • cpe:2.3:a:libpng:libpng:1.2.25:beta06
    cpe:2.3:a:libpng:libpng:1.2.25:beta06
  • cpe:2.3:a:libpng:libpng:1.2.25:rc01
    cpe:2.3:a:libpng:libpng:1.2.25:rc01
  • cpe:2.3:a:libpng:libpng:1.2.25:rc02
    cpe:2.3:a:libpng:libpng:1.2.25:rc02
  • libpng 1.2.26
    cpe:2.3:a:libpng:libpng:1.2.26
  • cpe:2.3:a:libpng:libpng:1.2.26:beta01
    cpe:2.3:a:libpng:libpng:1.2.26:beta01
  • cpe:2.3:a:libpng:libpng:1.2.26:beta02
    cpe:2.3:a:libpng:libpng:1.2.26:beta02
  • cpe:2.3:a:libpng:libpng:1.2.26:beta03
    cpe:2.3:a:libpng:libpng:1.2.26:beta03
  • cpe:2.3:a:libpng:libpng:1.2.26:beta04
    cpe:2.3:a:libpng:libpng:1.2.26:beta04
  • cpe:2.3:a:libpng:libpng:1.2.26:beta05
    cpe:2.3:a:libpng:libpng:1.2.26:beta05
  • cpe:2.3:a:libpng:libpng:1.2.26:beta06
    cpe:2.3:a:libpng:libpng:1.2.26:beta06
  • cpe:2.3:a:libpng:libpng:1.2.26:rc01
    cpe:2.3:a:libpng:libpng:1.2.26:rc01
  • libpng 1.2.27
    cpe:2.3:a:libpng:libpng:1.2.27
  • libpng 1.2.28
    cpe:2.3:a:libpng:libpng:1.2.28
  • libpng 1.2.29
    cpe:2.3:a:libpng:libpng:1.2.29
  • libpng 1.2.30
    cpe:2.3:a:libpng:libpng:1.2.30
  • libpng 1.2.31
    cpe:2.3:a:libpng:libpng:1.2.31
  • libpng 1.2.32
    cpe:2.3:a:libpng:libpng:1.2.32
  • libpng 1.2.33
    cpe:2.3:a:libpng:libpng:1.2.33
  • libpng 1.2.34
    cpe:2.3:a:libpng:libpng:1.2.34
CVSS
Base: 6.8 (as of 23-02-2009 - 16:03)
CWE CWE-94
CAPEC
  • Leverage Executable Code in Non-Executable Files
    An attack of this type exploits a system's trust in configuration and resource files. When the executable loads a resource (such as an image file or configuration file) that the attacker has modified, the file either executes malicious code directly or manipulates the target process (e.g. an application server) into acting on the malicious configuration parameters. Since systems are increasingly interrelated, mashing up resources from local and remote sources, the possibility of this attack occurring is high. The attack can be directed at a client system, for example by causing a buffer overrun through loading seemingly benign image files, as in Microsoft Security Bulletin MS04-028, where specially crafted JPEG files could cause a buffer overrun once loaded into the browser. Another example targets clients reading PDF files. In this case the attacker simply appends JavaScript to the end of a legitimate URL for a PDF, in the form http://path/to/pdf/file.pdf#whatever_name_you_want=javascript:your_code_here (see http://www.gnucitizen.org/blog/danger-danger-danger/). The client assumes that they are reading a PDF, but the attacker has modified the resource and loaded executable JavaScript into the client's browser process. The attack can also target server processes. The attacker edits the resource or configuration file, for example a web.xml file used to configure security permissions for a J2EE app server; adding the role name "public" grants all users with the public role the ability to use the administration functionality. The server trusts its configuration file to be correct, but when it is manipulated, the attacker gains full control.
  • Manipulating User-Controlled Variables
    This attack targets user-controlled variables (DEBUG=1, PHP globals, and so forth). An attacker can override environment variables by leveraging user-supplied, untrusted query variables that are used directly on the application server without any data sanitization. In extreme cases, the attacker can change variables controlling the business logic of the application. For instance, in languages like PHP, a number of poorly set default configurations may allow the user to override variables.
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
nessus via4
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2009-003.NASL
    description The remote host is running a version of Mac OS X 10.4 that does not have Security Update 2009-003 applied. This security update contains fixes for the following products: bzip2, ColorSync, ImageIO, Login Window.
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 40501
    published 2009-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40501
    title Mac OS X Multiple Vulnerabilities (Security Update 2009-003)
  • NASL family VMware ESX Local Security Checks
    NASL id VMWARE_VMSA-2009-0007.NASL
    description a. VMware Descheduled Time Accounting driver vulnerability may cause a denial of service in Windows based virtual machines.
      The VMware Descheduled Time Accounting Service is an optional, experimental service that provides improved guest operating system accounting. This patch fixes a denial of service vulnerability that could be triggered in a virtual machine by an unprivileged, locally logged-on user in the virtual machine.
      Virtual machines are affected under the following conditions:
      - The virtual machine is running a Windows operating system.
      - The VMware Descheduled Time Accounting driver is installed in the virtual machine. Note that this is an optional (non-default) part of the VMware Tools installation.
      - The VMware Descheduled Time Accounting Service is not running in the virtual machine.
      The VMware Descheduled Time Accounting Service is no longer provided in newer versions of VMware Tools, starting with the versions released in Fusion 2.0.2 and ESX 4.0. However, virtual machines migrated from vulnerable releases will still be vulnerable if the three conditions listed above are met, until their tools are upgraded.
      Steps needed to remediate this vulnerability:
      Guest systems on VMware Workstation, Player, ACE, Server, Fusion
      - Install the new version of Workstation, Player, ACE, Server, Fusion (see below for version information).
      - Upgrade tools in the virtual machine (virtual machine users will be prompted to upgrade).
      Guest systems on ESX 3.5, ESXi 3.5, ESX 3.0.2, ESX 3.0.3
      - Install the relevant patches (see below for patch identifiers).
      - Manually upgrade tools in the virtual machine (virtual machine users will not be prompted to upgrade). Note the VI Client will not show the VMware tools is out of date in the summary tab. Please see http://tinyurl.com/27mpjo page 80 for details.
      Guest systems on ESX 4.0 and ESXi 4.0 that have been migrated from ESX 3.5, ESXi 3.5, and ESX 3.0.x
      - Install/upgrade the new tools in the virtual machine (virtual machine users will be prompted to upgrade).
      If the Descheduled Time Accounting driver was installed, the tools upgrade will result in an updated driver for Workstation, Player, ACE, Server, ESX 3.0.2, ESX 3.0.3, ESX 3.5, ESXi 3.5. For Fusion, ESX 4.0, and ESXi 4.0 the tools upgrade will result in the removal of the driver.
      VMware would like to thank Nikita Tarakanov for reporting this issue to us.
      The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-1805 to this issue.
      b. Updated libpng package for the ESX 2.5.5 Service Console
      The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files.
      A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application.
      A flaw was discovered in the way libpng handled PNG images containing 'unknown' chunks. If an application linked against libpng attempted to process a malformed, unknown chunk in a malicious PNG image, it could cause the application to crash.
      The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2009-0040 and CVE-2008-1382 to these issues.
      The VMware version number of libpng after applying the update is libpng-1.0.14-12.i386.rpm.
    last seen 2019-02-21
    modified 2018-08-06
    plugin id 40392
    published 2009-07-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40392
    title VMSA-2009-0007 : VMware Hosted products and ESX and ESXi patches resolve security issues
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1830.NASL
    description Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client. The Common Vulnerabilities and Exposures project identifies the following problems:
      - CVE-2009-0040: The execution of arbitrary code might be possible via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables. (MFSA 2009-10)
      - CVE-2009-0352: It is possible to execute arbitrary code via vectors related to the layout engine. (MFSA 2009-01)
      - CVE-2009-0353: It is possible to execute arbitrary code via vectors related to the JavaScript engine. (MFSA 2009-01)
      - CVE-2009-0652: Bjoern Hoehrmann and Moxie Marlinspike discovered a possible spoofing attack via Unicode box drawing characters in internationalized domain names. (MFSA 2009-15)
      - CVE-2009-0771: Memory corruption and assertion failures have been discovered in the layout engine, leading to the possible execution of arbitrary code. (MFSA 2009-07)
      - CVE-2009-0772: The layout engine allows the execution of arbitrary code in vectors related to nsCSSStyleSheet::GetOwnerNode, events, and garbage collection. (MFSA 2009-07)
      - CVE-2009-0773: The JavaScript engine is prone to the execution of arbitrary code via several vectors. (MFSA 2009-07)
      - CVE-2009-0774: The layout engine allows the execution of arbitrary code via vectors related to gczeal. (MFSA 2009-07)
      - CVE-2009-0776: Georgi Guninski discovered that it is possible to obtain xml data via an issue related to the nsIRDFService. (MFSA 2009-09)
      - CVE-2009-1302: The browser engine is prone to a possible memory corruption via several vectors. (MFSA 2009-14)
      - CVE-2009-1303: The browser engine is prone to a possible memory corruption via the nsSVGElement::BindToTree function. (MFSA 2009-14)
      - CVE-2009-1307: Gregory Fleischer discovered that it is possible to bypass the Same Origin Policy when opening a Flash file via the view-source: scheme. (MFSA 2009-17)
      - CVE-2009-1832: The possible arbitrary execution of code was discovered via vectors involving 'double frame construction.' (MFSA 2009-24)
      - CVE-2009-1392: Several issues were discovered in the browser engine as used by icedove, which could lead to the possible execution of arbitrary code. (MFSA 2009-24)
      - CVE-2009-1836: Shuo Chen, Ziqing Mao, Yi-Min Wang and Ming Zhang reported a potential man-in-the-middle attack, when using a proxy due to insufficient checks on a certain proxy response. (MFSA 2009-27)
      - CVE-2009-1838: moz_bug_r_a4 discovered that it is possible to execute arbitrary JavaScript with chrome privileges due to an error in the garbage collection implementation. (MFSA 2009-29)
      - CVE-2009-1841: moz_bug_r_a4 reported that it is possible for scripts from page content to run with elevated privileges and thus potentially executing arbitrary code with the object's chrome privileges. (MFSA 2009-32)
      - No CVE id yet: Bernd Jendrissek discovered a potentially exploitable crash when viewing a multipart/alternative mail message with a text/enhanced part. (MFSA 2009-33)
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 44695
    published 2010-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=44695
    title Debian DSA-1830-1 : icedove - several vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-051.NASL
    description A number of vulnerabilities have been found and corrected in libpng : Fixed 1-byte buffer overflow in pngpread.c (CVE-2008-3964). This was already fixed in Mandriva Linux 2009.0. Fix the function png_check_keyword() that allowed setting arbitrary bytes in the process memory to 0 (CVE-2008-5907). Fix a potential DoS (Denial of Service) or to potentially compromise an application using the library (CVE-2009-0040). The updated packages have been patched to prevent this.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 36671
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36671
    title Mandriva Linux Security Advisory : libpng (MDVSA-2009:051)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201209-25.NASL
    description The remote host is affected by the vulnerability described in GLSA-201209-25 (VMware Player, Server, Workstation: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in VMware Player, Server, and Workstation. Please review the CVE identifiers referenced below for details. Impact : Local users may be able to gain escalated privileges, cause a Denial of Service, or gain sensitive information. A remote attacker could entice a user to open a specially crafted file, possibly resulting in the remote execution of arbitrary code, or a Denial of Service. Remote attackers also may be able to spoof DNS traffic, read arbitrary files, or inject arbitrary web script to the VMware Server Console. Furthermore, guest OS users may be able to execute arbitrary code on the host OS, gain escalated privileges on the guest OS, or cause a Denial of Service (crash the host OS). Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2019-02-07
    plugin id 62383
    published 2012-10-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62383
    title GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200903-28.NASL
    description The remote host is affected by the vulnerability described in GLSA-200903-28 (libpng: Multiple vulnerabilities) Multiple vulnerabilities were discovered in libpng: A memory leak bug was reported in png_handle_tEXt(), a function that is used while reading PNG images (CVE-2008-6218). A memory overwrite bug was reported by Jon Foster in png_check_keyword(), caused by writing overlong keywords to a PNG file (CVE-2008-5907). A memory corruption issue, caused by an incorrect handling of an out of memory condition has been reported by Tavis Ormandy of the Google Security Team. That vulnerability affects direct uses of png_read_png(), pCAL chunk and 16-bit gamma table handling (CVE-2009-0040). Impact : A remote attacker may execute arbitrary code with the privileges of the user opening a specially crafted PNG file by exploiting the erroneous out-of-memory handling. An attacker may also exploit the png_check_keyword() error to set arbitrary memory locations to 0, if the application allows overlong, user-controlled keywords when writing PNG files. The png_handle_tEXt() vulnerability may be exploited by an attacker to potentially consume all memory on a user's system when a specially crafted PNG file is opened. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-07-11
    plugin id 35929
    published 2009-03-16
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35929
    title GLSA-200903-28 : libpng: Multiple vulnerabilities
  • NASL family Windows
    NASL id SAFARI_4.0.NASL
    description The version of Safari installed on the remote Windows host is earlier than 4.0. It therefore is potentially affected by numerous issues in the following components : - CFNetwork - CoreGraphics - ImageIO - International Components for Unicode - libxml - Safari - Safari Windows Installer - WebKit
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 39339
    published 2009-06-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39339
    title Safari < 4.0 Multiple Vulnerabilities
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-0333.NASL
    description From Red Hat Security Advisory 2009:0333 : Updated libpng and libpng10 packages that fix a couple of security issues are now available for Red Hat Enterprise Linux 2.1, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040) A flaw was discovered in the way libpng handled PNG images containing 'unknown' chunks. If an application linked against libpng attempted to process a malformed, unknown chunk in a malicious PNG image, it could cause the application to crash. (CVE-2008-1382) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2016-12-07
    plugin id 67815
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67815
    title Oracle Linux 4 / 5 : libpng (ELSA-2009-0333)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_5_8.NASL
    description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.8. Mac OS X 10.5.8 contains security fixes for the following products : - bzip2 - CFNetwork - ColorSync - CoreTypes - Dock - Image RAW - ImageIO - Kernel - launchd - Login Window - MobileMe - Networking - XQuery
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 40502
    published 2009-08-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40502
    title Mac OS X 10.5.x < 10.5.8 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201412-08.NASL
    description The remote host is affected by the vulnerability described in GLSA-201412-08 (Multiple packages, Multiple vulnerabilities fixed in 2010) Vulnerabilities have been discovered in the packages listed below. Please review the CVE identifiers in the Reference section for details. Insight Perl Tk Module Source-Navigator Tk Partimage Mlmmj acl Xinit gzip ncompress liblzw splashutils GNU M4 KDE Display Manager GTK+ KGet dvipng Beanstalk Policy Mount pam_krb5 GNU gv LFTP Uzbl Slim Bitdefender Console iputils DVBStreamer Impact : A context-dependent attacker may be able to gain escalated privileges, execute arbitrary code, cause Denial of Service, obtain sensitive information, or otherwise bypass security restrictions. Workaround : There are no known workarounds at this time.
    last seen 2019-02-21
    modified 2018-12-05
    plugin id 79961
    published 2014-12-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=79961
    title GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12353.NASL
    description An allocation mistake in libpng's pngread.c has been fixed. CVE-2009-0040 has been assigned to this issue.
    last seen 2018-09-01
    modified 2012-04-23
    plugin id 41279
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41279
    title SuSE9 Security Update : libpng (YOU Patch Number 12353)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_LIBPNG-090317.NASL
    description An allocation mistake in libpng's pngread.c has been fixed. (CVE-2009-0040)
    last seen 2018-09-01
    modified 2013-10-25
    plugin id 41425
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41425
    title SuSE 11 Security Update : libpng (SAT Patch Number 638)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-2112.NASL
    description Fixes CVE-2009-0040 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 36603
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36603
    title Fedora 10 : libpng-1.2.35-1.fc10 (2009-2112)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_LIBPNG-DEVEL-090225.NASL
    description An allocation mistake in libpng's pngread.c has been fixed (CVE-2009-0040). The previous update was using an incomplete patch so it needed to be reissued.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40265
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40265
    title openSUSE Security Update : libpng-devel (libpng-devel-558)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-2045.NASL
    description This release fixes a vulnerability in which some arrays of pointers are not initialized prior to using malloc to define the pointers. If the application runs out of memory while executing the allocation loop (which can be forced by malevolent input), libpng10 will jump to a cleanup process that attempts to free all of the pointers, including the undefined ones. This issue has been assigned CVE-2009-0040 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 35808
    published 2009-03-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35808
    title Fedora 9 : libpng10-1.0.43-1.fc9 (2009-2045)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBPNG-6001.NASL
    description An allocation mistake in libpng's pngread.c has been fixed. CVE-2009-0040 has been assigned to this issue.
    last seen 2018-09-01
    modified 2014-06-13
    plugin id 35733
    published 2009-02-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35733
    title openSUSE 10 Security Update : libpng (libpng-6001)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_LIBPNG-DEVEL-090225.NASL
    description An allocation mistake in libpng's pngread.c has been fixed (CVE-2009-0040). The previous update was using an incomplete patch so it needed to be reissued.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 40039
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40039
    title openSUSE Security Update : libpng-devel (libpng-devel-558)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_LIBPNG-DEVEL-090217.NASL
    description An allocation mistake in libpng's pngread.c has been fixed. CVE-2009-0040 has been assigned to this issue.
    last seen 2018-09-01
    modified 2014-06-13
    plugin id 40038
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40038
    title openSUSE Security Update : libpng-devel (libpng-devel-528)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SEAMONKEY-6310.NASL
    description The Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues : - Security update to 1.1.16 - MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation - MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) - Security update to 1.1.15 - MFSA 2009-15/CVE-2009-0652 URL spoofing with box drawing character - MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773 CVE-2009-0774: Crashes with evidence of memory corruption (rv:1.9.0.7) - MFSA 2009-09/CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect - MFSA 2009-10/CVE-2009-0040: Upgrade PNG library to fix memory safety hazards - MFSA 2009-01/CVE-2009-0352 Crashes with evidence of memory corruption (rv:1.9.0.6) - MFSA 2009-05/CVE-2009-0357 XMLHttpRequest allows reading HTTPOnly cookies Please note that the java openjdk plugin might not work after installing this update.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 39462
    published 2009-06-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39462
    title openSUSE 10 Security Update : seamonkey (seamonkey-6310)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBPNG-6024.NASL
    description An allocation mistake in libpng's pngread.c has been fixed (CVE-2009-0040). The previous update was using an incomplete patch so it needed to be reissued.
    last seen 2019-02-21
    modified 2012-05-17
    plugin id 41548
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41548
    title SuSE 10 Security Update : libpng (ZYPP Patch Number 6024)
  • NASL family Windows
    NASL id SEAMONKEY_1115.NASL
    description The installed version of SeaMonkey is earlier than 1.1.15. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that may lead to crashes with evidence of memory corruption. (MFSA 2009-01) - Cookies marked HTTPOnly are readable by JavaScript via the 'XMLHttpRequest.getResponseHeader' and 'XMLHttpRequest.getAllResponseHeaders' APIs. (MFSA 2009-05) - By exploiting stability bugs in the browser engine, it might be possible for an attacker to execute arbitrary code on the remote system under certain conditions. (MFSA 2009-07) - It may be possible for a website to read arbitrary XML data from another domain by using nsIRDFService and a cross-domain redirect. (MFSA 2009-09) - Vulnerabilities in the PNG libraries used by Mozilla could be exploited to execute arbitrary code on the remote system. (MFSA 2009-10) - A URI spoofing vulnerability exists because the application fails to adequately handle specific characters in IDN subdomains. (MFSA 2009-15)
    last seen 2019-02-21
    modified 2018-07-27
    plugin id 35978
    published 2009-03-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35978
    title SeaMonkey < 1.1.15 Multiple Vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_SEAMONKEY-090617.NASL
    description The Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues : - Security update to 1.1.16 - MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation - MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) - Security update to 1.1.15 - MFSA 2009-15/CVE-2009-0652 URL spoofing with box drawing character - MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773 CVE-2009-0774: Crashes with evidence of memory corruption (rv:1.9.0.7) - MFSA 2009-09/CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect - MFSA 2009-10/CVE-2009-0040: Upgrade PNG library to fix memory safety hazards - MFSA 2009-01/CVE-2009-0352 Crashes with evidence of memory corruption (rv:1.9.0.6) - MFSA 2009-05/CVE-2009-0357 XMLHttpRequest allows reading HTTPOnly cookies Please note that the java openjdk plugin might not work after installing this update.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 40133
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40133
    title openSUSE Security Update : seamonkey (seamonkey-1014)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090304_LIBPNG_ON_SL3_X.NASL
    description A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040) A flaw was discovered in the way libpng handled PNG images containing 'unknown' chunks. If an application linked against libpng attempted to process a malformed, unknown chunk in a malicious PNG image, it could cause the application to crash. (CVE-2008-1382) All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60539
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60539
    title Scientific Linux Security Update : libpng on SL3.x, SL4.x, SL5.x i386/x86_64
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_137080-09.NASL
    description SunOS 5.10: libpng Patch. Date this patch was last updated by Sun : Jun/15/17
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107484
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107484
    title Solaris 10 (sparc) : 137080-09
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_137081-10.NASL
    description SunOS 5.10_x86: libpng Patch. Date this patch was last updated by Sun : Jul/17/17
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107983
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107983
    title Solaris 10 (x86) : 137081-10
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_5_7.NASL
    description The remote host is running a version of Mac OS X 10.5.x that is prior to 10.5.7. Mac OS X 10.5.7 contains security fixes for the following products : - Apache - ATS - BIND - CFNetwork - CoreGraphics - Cscope - CUPS - Disk Images - enscript - Flash Player plug-in - Help Viewer - iChat - International Components for Unicode - IPSec - Kerberos - Kernel - Launch Services - libxml - Net-SNMP - Network Time - Networking - OpenSSL - PHP - QuickDraw Manager - ruby - Safari - Spotlight - system_cmds - telnet - Terminal - WebKit - X11
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 38744
    published 2009-05-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38744
    title Mac OS X 10.5.x < 10.5.7 Multiple Vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-0333.NASL
    description Updated libpng and libpng10 packages that fix a couple of security issues are now available for Red Hat Enterprise Linux 2.1, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040) A flaw was discovered in the way libpng handled PNG images containing 'unknown' chunks. If an application linked against libpng attempted to process a malformed, unknown chunk in a malicious PNG image, it could cause the application to crash. (CVE-2008-1382) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 43731
    published 2010-01-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=43731
    title CentOS 4 : libpng (CESA-2009:0333)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-0333.NASL
    description Updated libpng and libpng10 packages that fix a couple of security issues are now available for Red Hat Enterprise Linux 2.1, 4, and 5. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040) A flaw was discovered in the way libpng handled PNG images containing 'unknown' chunks. If an application linked against libpng attempted to process a malformed, unknown chunk in a malicious PNG image, it could cause the application to crash. (CVE-2008-1382) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 35775
    published 2009-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35775
    title RHEL 2.1 / 4 / 5 : libpng (RHSA-2009:0333)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-0340.NASL
    description Updated libpng and libpng10 packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 35776
    published 2009-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35776
    title RHEL 3 : libpng (RHSA-2009:0340)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2009-051-01.NASL
    description New libpng packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix a security issue.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 35727
    published 2009-02-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35727
    title Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2009-051-01)
  • NASL family Windows
    NASL id MOZILLA_THUNDERBIRD_20021.NASL
    description The installed version of Thunderbird is earlier than 2.0.0.21. Such versions are potentially affected by the following security issues : - There are several stability bugs in the browser engine that could lead to crashes with evidence of memory corruption. (MFSA 2009-01) - By exploiting stability bugs in the browser engine, it might be possible for an attacker to execute arbitrary code on the remote system under certain conditions. (MFSA 2009-07) - It might be possible for a website to read arbitrary XML data from another domain by using nsIRDFService and a cross-domain redirect. (MFSA 2009-09) - Vulnerabilities in the PNG libraries used by Mozilla could be exploited to execute arbitrary code on the remote system. (MFSA 2009-10) - A URI-spoofing vulnerability exists because the application fails to adequately handle specific characters in IDN subdomains. (MFSA 2009-15)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 35977
    published 2009-03-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35977
    title Mozilla Thunderbird < 2.0.0.21 Multiple Vulnerabilities
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-0315.NASL
    description An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2009-0776, CVE-2009-0777) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.7. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.7, and which correct these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 35789
    published 2009-03-08
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35789
    title CentOS 4 / 5 : firefox (CESA-2009:0315)
  • NASL family F5 Networks Local Security Checks
    NASL id F5_BIGIP_SOL9988.NASL
    description The PNG reference library (libpng), as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code by way of a crafted PNG file.
    last seen 2019-02-21
    modified 2019-01-04
    plugin id 78231
    published 2014-10-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78231
    title F5 Networks BIG-IP : libpng vulnerability (SOL9988)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_EA2411A408E811DEB88A0022157515B2.NASL
    description Secunia reports : A vulnerability has been reported in Pngcrush, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to the use of vulnerable libpng code.
    last seen 2019-02-21
    modified 2018-11-23
    plugin id 35771
    published 2009-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35771
    title FreeBSD : pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability (ea2411a4-08e8-11de-b88a-0022157515b2)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-075.NASL
    description Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.7 (CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775, CVE-2009-0776, CVE-2009-0777). This update provides the latest Mozilla Firefox 3.x to correct these issues. As Mozilla Firefox 2.x has been phased out, version 3.x is also being provided for Mandriva Linux 2008 Spring. Additionally, some software has also been rebuilt against Mozilla Firefox 3.0.7 which should take care of upgrade problems.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 37610
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37610
    title Mandriva Linux Security Advisory : firefox (MDVSA-2009:075)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2009-083-03.NASL
    description New mozilla-thunderbird packages are available for Slackware 10.2, 11.0, 12.0, 12.1, 12.2, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-06-27
    plugin id 36011
    published 2009-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36011
    title Slackware 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : mozilla-thunderbird (SSA:2009-083-03)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-2882.NASL
    description Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2009-0355, CVE-2009-0776) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2016-12-08
    plugin id 36827
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36827
    title Fedora 10 : thunderbird-2.0.0.21-1.fc10 (2009-2882)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-2884.NASL
    description Several flaws were found in the processing of malformed HTML mail content. An HTML mail message containing malicious content could cause Thunderbird to crash or, potentially, execute arbitrary code as the user running Thunderbird. (CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. An HTML mail message containing specially crafted content could potentially trick a Thunderbird user into surrendering sensitive information. (CVE-2009-0355, CVE-2009-0776) Note: JavaScript support is disabled by default in Thunderbird. None of the above issues are exploitable unless JavaScript is enabled. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 35984
    published 2009-03-22
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35984
    title Fedora 9 : thunderbird-2.0.0.21-1.fc9 (2009-2884)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_137081-09.NASL
    description SunOS 5.10_x86: libpng Patch. Date this patch was last updated by Sun : Jun/15/17
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107982
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107982
    title Solaris 10 (x86) : 137081-09
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_137081-07.NASL
    description SunOS 5.10_x86: libpng Patch. Date this patch was last updated by Sun : Jul/18/12
    last seen 2018-10-31
    modified 2018-10-29
    plugin id 107981
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107981
    title Solaris 10 (x86) : 137081-07
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_137080.NASL
    description SunOS 5.10: libpng Patch. Date this patch was last updated by Sun : Sep/11/17 This plugin has been deprecated and either replaced with individual 137080 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 31333
    published 2008-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31333
    title Solaris 10 (sparc) : 137080-11 (deprecated)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-730-1.NASL
    description It was discovered that libpng did not properly perform bounds checking in certain operations. An attacker could send a specially crafted PNG image and cause a denial of service in applications linked against libpng. This issue only affected Ubuntu 8.04 LTS. (CVE-2007-5268, CVE-2007-5269) Tavis Ormandy discovered that libpng did not properly initialize memory. If a user or automated system were tricked into opening a crafted PNG image, an attacker could cause a denial of service via application crash, or possibly execute arbitrary code with the privileges of the user invoking the program. This issue did not affect Ubuntu 8.10. (CVE-2008-1382) Harald van Dijk discovered an off-by-one error in libpng. An attacker could cause an application crash in programs using pngtest. (CVE-2008-3964) It was discovered that libpng did not properly NULL terminate a keyword string. An attacker could exploit this to set arbitrary memory locations to zero. (CVE-2008-5907) Glenn Randers-Pehrson discovered that libpng did not properly initialize pointers. If a user or automated system were tricked into opening a crafted PNG file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0040). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 37042
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37042
    title Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : libpng vulnerabilities (USN-730-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-1976.NASL
    description This release fixes a vulnerability in which some arrays of pointers are not initialized prior to using malloc to define the pointers. If the application runs out of memory while executing the allocation loop (which can be forced by malevolent input), libpng10 will jump to a cleanup process that attempts to free all of the pointers, including the undefined ones. This issue has been assigned CVE-2009-0040. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 37687
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37687
    title Fedora 10 : libpng10-1.0.43-1.fc10 (2009-1976)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-6187.NASL
    description The Mozilla Firefox Browser was refreshed to the current MOZILLA_1_8 branch state around fix level 2.0.0.22. Security issues identified as being fixed are: MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2009-07 / CVE-2009-0772 / CVE-2009-0774) - Mozilla security researcher Georgi Guninski reported that a website could use nsIRDFService and a cross-domain redirect to steal arbitrary XML data from another domain, a violation of the same-origin policy. This vulnerability could be used by a malicious website to steal private data from users authenticated to the redirected website. (MFSA 2009-09 / CVE-2009-0776) - Google security researcher Tavis Ormandy reported several memory safety hazards to the libpng project, an external library used by Mozilla to render PNG images. These vulnerabilities could be used by a malicious website to crash a victim's browser and potentially execute arbitrary code on their computer. libpng was upgraded to version 1.2.35 which contains fixes for these flaws. (MFSA 2009-10 / CVE-2009-0040) - Security researcher Guido Landi discovered that an XSL stylesheet could be used to crash the browser during an XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim's computer.
This vulnerability was also previously reported as a stability problem by Ubuntu community member, Andre. Ubuntu community member Michael Rooney reported Andre's findings to Mozilla, and Mozilla community member Martin helped reduce Andre's original testcase and contributed a patch to fix the vulnerability. (MFSA 2009-12 / CVE-2009-1169)
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 41467
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41467
    title SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 6187)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_SEAMONKEY-090617.NASL
    description The Mozilla SeaMonkey browser suite was updated to version 1.1.16, fixing various bugs and security issues : - Security update to 1.1.16 - MFSA 2009-12/CVE-2009-1169 (bmo#460090,485217) Crash and remote code execution in XSL transformation - MFSA 2009-14/CVE-2009-1303/CVE-2009-1305 Crashes with evidence of memory corruption (rv:1.9.0.9) - Security update to 1.1.15 - MFSA 2009-15/CVE-2009-0652 URL spoofing with box drawing character - MFSA 2009-07/CVE-2009-0771, CVE-2009-0772, CVE-2009-0773 CVE-2009-0774: Crashes with evidence of memory corruption (rv:1.9.0.7) - MFSA 2009-09/CVE-2009-0776: XML data theft via RDFXMLDataSource and cross-domain redirect - MFSA 2009-10/CVE-2009-0040: Upgrade PNG library to fix memory safety hazards - MFSA 2009-01/CVE-2009-0352 Crashes with evidence of memory corruption (rv:1.9.0.6) - MFSA 2009-05/CVE-2009-0357 XMLHttpRequest allows reading HTTPOnly cookies Please note that the java openjdk plugin might not work after installing this update.
    last seen 2019-02-21
    modified 2018-06-29
    plugin id 40309
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40309
    title openSUSE Security Update : seamonkey (seamonkey-1014)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_137080-07.NASL
    description SunOS 5.10: libpng Patch. Date this patch was last updated by Sun : Jul/18/12
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107483
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107483
    title Solaris 10 (sparc) : 137080-07
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090304_FIREFOX_ON_SL4_X.NASL
    description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2009-0776, CVE-2009-0777) After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60538
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60538
    title Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_MOZILLAFIREFOX-090312.NASL
    description The Mozilla Firefox browser is updated to version 3.0.7 fixing various security and stability issues. MFSA 2009-07 / CVE-2009-0771 / CVE-2009-0772 / CVE-2009-0773 / CVE-2009-0774: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-08 / CVE-2009-0775: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla's garbage collection process. The vulnerability was caused by improper memory management of a set of cloned XUL DOM elements which were linked as a parent and child. After reloading the browser on a page with such linked elements, the browser would crash when attempting to access an object which was already destroyed. An attacker could use this crash to run arbitrary code on the victim's computer. MFSA 2009-09 / CVE-2009-0776: Mozilla security researcher Georgi Guninski reported that a website could use nsIRDFService and a cross-domain redirect to steal arbitrary XML data from another domain, a violation of the same-origin policy. This vulnerability could be used by a malicious website to steal private data from users authenticated to the redirected website. MFSA 2009-10 / CVE-2009-0040: libpng maintainer Glenn Randers-Pehrson reported several memory safety hazards in PNG libraries used by Mozilla. These vulnerabilities could be used by a malicious website to crash a victim's browser and potentially execute arbitrary code on their computer. libpng was upgraded to a version which contained fixes for these flaws. 
MFSA 2009-11 / CVE-2009-0777: Mozilla contributor Masahiro Yamada reported that certain invisible control characters were being decoded when displayed in the location bar, resulting in fewer visible characters than were present in the actual location. An attacker could use this vulnerability to spoof the location bar and display a misleading URL for their malicious web page.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 40170
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40170
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-591)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-1750.NASL
    description Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2007-2445 The png_handle_tRNS function allows attackers to cause a denial of service (application crash) via a grayscale PNG image with a bad tRNS chunk CRC value. - CVE-2007-5269 Certain chunk handlers allow attackers to cause a denial of service (crash) via crafted pCAL, sCAL, tEXt, iTXt, and ztXT chunking in PNG images, which trigger out-of-bounds read operations. - CVE-2008-1382 libpng allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length 'unknown' chunks, which trigger an access of uninitialized memory. - CVE-2008-5907 The png_check_keyword might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords. - CVE-2008-6218 A memory leak in the png_handle_tEXt function allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file. - CVE-2009-0040 libpng allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 35988
    published 2009-03-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35988
    title Debian DSA-1750-1 : libpng - several vulnerabilities
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_0_MOZILLAFIREFOX-090312.NASL
    description The Mozilla Firefox browser is updated to version 3.0.7 fixing various security and stability issues. MFSA 2009-07 / CVE-2009-0771 / CVE-2009-0772 / CVE-2009-0773 / CVE-2009-0774: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-08 / CVE-2009-0775: An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla's garbage collection process. The vulnerability was caused by improper memory management of a set of cloned XUL DOM elements which were linked as a parent and child. After reloading the browser on a page with such linked elements, the browser would crash when attempting to access an object which was already destroyed. An attacker could use this crash to run arbitrary code on the victim's computer. MFSA 2009-09 / CVE-2009-0776: Mozilla security researcher Georgi Guninski reported that a website could use nsIRDFService and a cross-domain redirect to steal arbitrary XML data from another domain, a violation of the same-origin policy. This vulnerability could be used by a malicious website to steal private data from users authenticated to the redirected website. MFSA 2009-10 / CVE-2009-0040: libpng maintainer Glenn Randers-Pehrson reported several memory safety hazards in PNG libraries used by Mozilla. These vulnerabilities could be used by a malicious website to crash a victim's browser and potentially execute arbitrary code on their computer. libpng was upgraded to a version which contained fixes for these flaws. 
MFSA 2009-11 / CVE-2009-0777: Mozilla contributor Masahiro Yamada reported that certain invisible control characters were being decoded when displayed in the location bar, resulting in fewer visible characters than were present in the actual location. An attacker could use this vulnerability to spoof the location bar and display a misleading URL for their malicious web page.
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 39887
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=39887
    title openSUSE Security Update : MozillaFirefox (MozillaFirefox-591)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-0340.NASL
    description From Red Hat Security Advisory 2009:0340 : Updated libpng and libpng10 packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2015-12-01
    plugin id 67820
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67820
    title Oracle Linux 3 : libpng (ELSA-2009-0340)
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20090304_SEAMONKEY_ON_SL3_X.NASL
    description Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-0040, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775) A flaw was found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a SeaMonkey user into surrendering sensitive information. (CVE-2009-0776) After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 60540
    published 2012-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=60540
    title Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64
  • NASL family SuSE Local Security Checks
    NASL id SUSE_MOZILLAFIREFOX-6194.NASL
    description The Mozilla Firefox Browser was refreshed to the current MOZILLA_1_8 branch state around fix level 2.0.0.22. Security issues identified as being fixed are: MFSA 2009-01 / CVE-2009-0352 / CVE-2009-0353: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-07 / CVE-2009-0772 / CVE-2009-0774: Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. MFSA 2009-09 / CVE-2009-0776: Mozilla security researcher Georgi Guninski reported that a website could use nsIRDFService and a cross-domain redirect to steal arbitrary XML data from another domain, a violation of the same-origin policy. This vulnerability could be used by a malicious website to steal private data from users authenticated to the redirected website. MFSA 2009-10 / CVE-2009-0040: Google security researcher Tavis Ormandy reported several memory safety hazards to the libpng project, an external library used by Mozilla to render PNG images. These vulnerabilities could be used by a malicious website to crash a victim's browser and potentially execute arbitrary code on their computer. libpng was upgraded to version 1.2.35 which contains fixes for these flaws. MFSA 2009-12 / CVE-2009-1169: Security researcher Guido Landi discovered that an XSL stylesheet could be used to crash the browser during an XSL transformation. An attacker could potentially use this crash to run arbitrary code on a victim's computer.
This vulnerability was also previously reported as a stability problem by Ubuntu community member, Andre. Ubuntu community member Michael Rooney reported Andre's findings to Mozilla, and Mozilla community member Martin helped reduce Andre's original testcase and contributed a patch to fix the vulnerability.
    last seen 2019-02-21
    modified 2016-12-22
    plugin id 36199
    published 2009-04-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36199
    title openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6194)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2009-083.NASL
    description A number of security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Thunderbird program, version 2.0.0.21 (CVE-2009-0040, CVE-2009-0776, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0352, CVE-2009-0353). This update provides the latest Thunderbird to correct these issues. Additionally, Mozilla Thunderbird released with Mandriva Linux 2009.0, when used with Enigmail extension on x86_64 architecture, would freeze whenever any Enigmail function was used (bug #45001). Also, when used on i586 architecture, Thunderbird would crash when sending an email, if a file with an unknown extension was attached to it. (bug #46107) This update also fixes those issues.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 36318
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36318
    title Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2009:083)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-2128.NASL
    description Fixes CVE-2009-0040. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 35746
    published 2009-02-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35746
    title Fedora 9 : libpng-1.2.35-1.fc9 (2009-2128)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-728-1.NASL
    description Glenn Randers-Pehrson discovered that the embedded libpng in Firefox did not properly initialize pointers. If a user were tricked into viewing a malicious website with a crafted PNG file, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0040) Martijn Wargers, Jesse Ruderman, Josh Soref, Gary Kwong, and Timothee Groleau discovered flaws in the browser engine. If a user were tricked into viewing a malicious website, a remote attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774) A flaw was discovered in Firefox's garbage collection process. Under certain circumstances a remote attacker could exploit this to cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. (CVE-2009-0775) Georgi Guninski discovered a flaw when Firefox performed a cross-domain redirect. An attacker could bypass the same-origin policy in Firefox by utilizing nsIRDFService and steal private data from users authenticated to the redirected website. (CVE-2009-0776) Masahiro Yamada discovered that Firefox did not display control characters in the location bar. An attacker could exploit this to spoof the location bar, such as in a phishing attack. (CVE-2009-0777). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 38036
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=38036
    title Ubuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-728-1)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-0325.NASL
    description Updated SeaMonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-0040, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775) A flaw was found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a SeaMonkey user into surrendering sensitive information. (CVE-2009-0776) All SeaMonkey users should upgrade to these updated packages, which contain backported patches that correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 35774
    published 2009-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35774
    title RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2009:0325)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-0325.NASL
    description From Red Hat Security Advisory 2009:0325 : Updated SeaMonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-0040, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775) A flaw was found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a SeaMonkey user into surrendering sensitive information. (CVE-2009-0776) All SeaMonkey users should upgrade to these updated packages, which contain backported patches that correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 67811
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67811
    title Oracle Linux 3 / 4 : seamonkey (ELSA-2009-0325)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_MOZILLAFIREFOX-090319.NASL
    description The Mozilla Firefox browser is updated to version 3.0.7 fixing various security and stability issues. - Mozilla developers identified and fixed several stability bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these crashes showed evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to run arbitrary code. (MFSA 2009-07 / CVE-2009-0771 / CVE-2009-0772 / CVE-2009-0773 / CVE-2009-0774) - An anonymous researcher, via TippingPoint's Zero Day Initiative program, reported a vulnerability in Mozilla's garbage collection process. The vulnerability was caused by improper memory management of a set of cloned XUL DOM elements which were linked as a parent and child. After reloading the browser on a page with such linked elements, the browser would crash when attempting to access an object which was already destroyed. An attacker could use this crash to run arbitrary code on the victim's computer. (MFSA 2009-08 / CVE-2009-0775) - Mozilla security researcher Georgi Guninski reported that a website could use nsIRDFService and a cross-domain redirect to steal arbitrary XML data from another domain, a violation of the same-origin policy. This vulnerability could be used by a malicious website to steal private data from users authenticated to the redirected website. (MFSA 2009-09 / CVE-2009-0776) - libpng maintainer Glenn Randers-Pehrson reported several memory safety hazards in PNG libraries used by Mozilla. These vulnerabilities could be used by a malicious website to crash a victim's browser and potentially execute arbitrary code on their computer. libpng was upgraded to a version which contained fixes for these flaws. 
(MFSA 2009-10 / CVE-2009-0040) - Mozilla contributor Masahiro Yamada reported that certain invisible control characters were being decoded when displayed in the location bar, resulting in fewer visible characters than were present in the actual location. An attacker could use this vulnerability to spoof the location bar and display a misleading URL for their malicious web page. (MFSA 2009-11 / CVE-2009-0777)
    last seen 2019-02-21
    modified 2016-12-21
    plugin id 41352
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41352
    title SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 656)
  • NASL family SuSE Local Security Checks
    NASL id SUSE9_12358.NASL
    description An allocation mistake in libpng's pngread.c has been fixed (CVE-2009-0040). The previous update was using an incomplete patch so it needed to be reissued.
    last seen 2019-02-21
    modified 2012-04-23
    plugin id 41281
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41281
    title SuSE9 Security Update : libpng (YOU Patch Number 12358)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBPNG-6021.NASL
    description An allocation mistake in libpng's pngread.c has been fixed (CVE-2009-0040). The previous update was using an incomplete patch so it needed to be reissued.
    last seen 2019-02-21
    modified 2014-06-13
    plugin id 35748
    published 2009-02-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35748
    title openSUSE 10 Security Update : libpng (libpng-6021)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-0340.NASL
    description Updated libpng and libpng10 packages that fix a security issue are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2009-0040) Users of libpng and libpng10 should upgrade to these updated packages, which contain backported patches to correct these issues. All running applications using libpng or libpng10 must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 35768
    published 2009-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35768
    title CentOS 3 : libpng (CESA-2009:0340)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_1_LIBPNG-DEVEL-090217.NASL
    description An allocation mistake in libpng's pngread.c has been fixed. CVE-2009-0040 has been assigned to this issue.
    last seen 2018-09-01
    modified 2014-06-13
    plugin id 40264
    published 2009-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=40264
    title openSUSE Security Update : libpng-devel (libpng-devel-528)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_LIBPNG-6003.NASL
    description An allocation mistake in libpng's pngread.c has been fixed. CVE-2009-0040 has been assigned to this issue.
    last seen 2018-09-02
    modified 2012-05-17
    plugin id 41547
    published 2009-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=41547
    title SuSE 10 Security Update : libpng (ZYPP Patch Number 6003)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2009-2131.NASL
    description Update to libpng 1.2.35, to fix CVE-2009-0040. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-21
    plugin id 37641
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37641
    title Fedora 10 : mingw32-libpng-1.2.35-1.fc10 (2009-2131)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_137080-10.NASL
    description SunOS 5.10: libpng Patch. Date this patch was last updated by Sun : Jul/17/17
    last seen 2018-10-27
    modified 2018-10-26
    plugin id 107485
    published 2018-03-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107485
    title Solaris 10 (sparc) : 137080-10
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2009-0325.NASL
    description Updated SeaMonkey packages that fix security issues are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web browser, email and newsgroup client, IRC chat client, and HTML editor. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause SeaMonkey to crash or, potentially, execute arbitrary code as the user running SeaMonkey. (CVE-2009-0040, CVE-2009-0772, CVE-2009-0774, CVE-2009-0775) A flaw was found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a SeaMonkey user into surrendering sensitive information. (CVE-2009-0776) All SeaMonkey users should upgrade to these updated packages, which contain backported patches that correct these issues. After installing the update, SeaMonkey must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2018-11-28
    plugin id 35780
    published 2009-03-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35780
    title CentOS 3 / 4 : seamonkey (CESA-2009:0325)
  • NASL family Windows
    NASL id MOZILLA_FIREFOX_307.NASL
    description The installed version of Firefox 3.0.x is earlier than 3.0.7. Such versions are potentially affected by the following security issues : - By exploiting stability bugs in the browser engine, it might be possible for an attacker to execute arbitrary code on the remote system under certain conditions. (MFSA 2009-07) - A vulnerability in Mozilla's garbage collection process could be exploited to run arbitrary code on the remote system. (MFSA 2009-08) - It may be possible for a website to read arbitrary XML data from another domain by using nsIRDFService and a cross-domain redirect. (MFSA 2009-09) - Vulnerabilities in the PNG libraries used by Mozilla could be exploited to execute arbitrary code on the remote system. (MFSA 2009-10) - Certain invisible characters are decoded before being displayed on the location bar. An attacker may be able to exploit this flaw to spoof the location bar and display a link to a malicious URL. (MFSA 2009-11)
    last seen 2019-02-21
    modified 2018-07-16
    plugin id 35778
    published 2009-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35778
    title Firefox 3.0.x < 3.0.7 Multiple Vulnerabilities
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2009-0315.NASL
    description An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2009-0776, CVE-2009-0777) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.7. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.7, and which correct these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 35773
    published 2009-03-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=35773
    title RHEL 4 / 5 : firefox (RHSA-2009:0315)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS10_X86_137081.NASL
    description SunOS 5.10_x86: libpng Patch. Date this patch was last updated by Sun : Sep/11/17 This plugin has been deprecated and either replaced with individual 137081 patch-revision plugins, or deemed non-security related.
    last seen 2019-02-21
    modified 2018-07-30
    plugin id 31337
    published 2008-03-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=31337
    title Solaris 10 (x86) : 137081-11 (deprecated)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2009-0315.NASL
    description From Red Hat Security Advisory 2009:0315 : An updated firefox package that fixes various security issues is now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having critical security impact by the Red Hat Security Response Team. Mozilla Firefox is an open source Web browser. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code as the user running Firefox. (CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775) Several flaws were found in the way malformed content was processed. A website containing specially crafted content could, potentially, trick a Firefox user into surrendering sensitive information. (CVE-2009-0776, CVE-2009-0777) For technical details regarding these flaws, please see the Mozilla security advisories for Firefox 3.0.7. You can find a link to the Mozilla advisories in the References section of this errata. All Firefox users should upgrade to these updated packages, which contain Firefox version 3.0.7, and which correct these issues. After installing the update, Firefox must be restarted for the changes to take effect.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 67810
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=67810
    title Oracle Linux 4 / 5 : firefox (ELSA-2009-0315)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2009-083-02.NASL
    description New seamonkey packages are available for Slackware 11.0, 12.0, 12.1, 12.2, and -current to fix security issues.
    last seen 2019-02-21
    modified 2018-12-18
    plugin id 36010
    published 2009-03-25
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=36010
    title Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : seamonkey (SSA:2009-083-02)
oval via4
  • accepted 2013-04-29T04:04:33.340-04:00
    class vulnerability
    contributors
    • name Aharon Chernin
      organization SCAP.com, LLC
    • name Dragos Prisaca
      organization G2, Inc.
    definition_extensions
    • comment The operating system installed on the system is Red Hat Enterprise Linux 3
      oval oval:org.mitre.oval:def:11782
    • comment CentOS Linux 3.x
      oval oval:org.mitre.oval:def:16651
    • comment The operating system installed on the system is Red Hat Enterprise Linux 4
      oval oval:org.mitre.oval:def:11831
    • comment CentOS Linux 4.x
      oval oval:org.mitre.oval:def:16636
    • comment Oracle Linux 4.x
      oval oval:org.mitre.oval:def:15990
    • comment The operating system installed on the system is Red Hat Enterprise Linux 5
      oval oval:org.mitre.oval:def:11414
    • comment The operating system installed on the system is CentOS Linux 5.x
      oval oval:org.mitre.oval:def:15802
    • comment Oracle Linux 5.x
      oval oval:org.mitre.oval:def:15459
    description The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
    family unix
    id oval:org.mitre.oval:def:10316
    status accepted
    submitted 2010-07-09T03:56:16-04:00
    title The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
    version 26
  • accepted 2009-11-09T04:01:02.634-05:00
    class vulnerability
    contributors
    • name Michael Wood
      organization Hewlett-Packard
    definition_extensions
    • comment VMWare ESX Server 3.0.3 is installed
      oval oval:org.mitre.oval:def:6026
    • comment VMWare ESX Server 3.0.2 is installed
      oval oval:org.mitre.oval:def:5613
    • comment VMware ESX Server 3.5.0 is installed
      oval oval:org.mitre.oval:def:5887
    description The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
    family unix
    id oval:org.mitre.oval:def:6458
    status accepted
    submitted 2009-09-23T15:39:02.000-04:00
    title Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerability
    version 3
redhat via4
advisories
  • bugzilla
    id 486355
    title CVE-2009-0040 libpng arbitrary free() flaw
    oval
    OR
    • AND
      • comment Red Hat Enterprise Linux 4 is installed
        oval oval:com.redhat.rhsa:tst:20060016001
      • OR
        • AND
          • comment libpng is earlier than 2:1.2.7-3.el4_7.2
            oval oval:com.redhat.rhsa:tst:20090333002
          • comment libpng is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070356003
        • AND
          • comment libpng-devel is earlier than 2:1.2.7-3.el4_7.2
            oval oval:com.redhat.rhsa:tst:20090333004
          • comment libpng-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070356005
        • AND
          • comment libpng10 is earlier than 0:1.0.16-3.el4_7.3
            oval oval:com.redhat.rhsa:tst:20090333006
          • comment libpng10 is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070356007
        • AND
          • comment libpng10-devel is earlier than 0:1.0.16-3.el4_7.3
            oval oval:com.redhat.rhsa:tst:20090333008
          • comment libpng10-devel is signed with Red Hat master key
            oval oval:com.redhat.rhsa:tst:20070356009
    • AND
      • comment Red Hat Enterprise Linux 5 is installed
        oval oval:com.redhat.rhsa:tst:20070055001
      • OR
        • AND
          • comment libpng is earlier than 2:1.2.10-7.1.el5_3.2
            oval oval:com.redhat.rhsa:tst:20090333011
          • comment libpng is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070356017
        • AND
          • comment libpng-devel is earlier than 2:1.2.10-7.1.el5_3.2
            oval oval:com.redhat.rhsa:tst:20090333013
          • comment libpng-devel is signed with Red Hat redhatrelease key
            oval oval:com.redhat.rhsa:tst:20070356019
    rhsa
    id RHSA-2009:0333
    released 2009-03-04
    severity Moderate
    title RHSA-2009:0333: libpng security update (Moderate)
  • bugzilla
    id 486355
    title CVE-2009-0040 libpng arbitrary free() flaw
    oval
    AND
    • comment Red Hat Enterprise Linux 3 is installed
      oval oval:com.redhat.rhsa:tst:20060015001
    • OR
      • AND
        • comment libpng is earlier than 2:1.2.2-29
          oval oval:com.redhat.rhsa:tst:20090340002
        • comment libpng is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070356003
      • AND
        • comment libpng-devel is earlier than 2:1.2.2-29
          oval oval:com.redhat.rhsa:tst:20090340004
        • comment libpng-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070356005
      • AND
        • comment libpng10 is earlier than 0:1.0.13-20
          oval oval:com.redhat.rhsa:tst:20090340006
        • comment libpng10 is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070356007
      • AND
        • comment libpng10-devel is earlier than 0:1.0.13-20
          oval oval:com.redhat.rhsa:tst:20090340008
        • comment libpng10-devel is signed with Red Hat master key
          oval oval:com.redhat.rhsa:tst:20070356009
    rhsa
    id RHSA-2009:0340
    released 2009-03-04
    severity Moderate
    title RHSA-2009:0340: libpng security update (Moderate)
  • rhsa
    id RHSA-2009:0315
  • rhsa
    id RHSA-2009:0325
rpms
  • firefox-0:3.0.7-1.el4
  • firefox-0:3.0.7-1.el5
  • xulrunner-0:1.9.0.7-1.el5
  • xulrunner-devel-0:1.9.0.7-1.el5
  • xulrunner-devel-unstable-0:1.9.0.7-1.el5
  • seamonkey-0:1.0.9-0.34.el3
  • seamonkey-chat-0:1.0.9-0.34.el3
  • seamonkey-devel-0:1.0.9-0.34.el3
  • seamonkey-dom-inspector-0:1.0.9-0.34.el3
  • seamonkey-js-debugger-0:1.0.9-0.34.el3
  • seamonkey-mail-0:1.0.9-0.34.el3
  • seamonkey-nspr-0:1.0.9-0.34.el3
  • seamonkey-nspr-devel-0:1.0.9-0.34.el3
  • seamonkey-nss-0:1.0.9-0.34.el3
  • seamonkey-nss-devel-0:1.0.9-0.34.el3
  • seamonkey-0:1.0.9-38.el4
  • seamonkey-chat-0:1.0.9-38.el4
  • seamonkey-devel-0:1.0.9-38.el4
  • seamonkey-dom-inspector-0:1.0.9-38.el4
  • seamonkey-js-debugger-0:1.0.9-38.el4
  • seamonkey-mail-0:1.0.9-38.el4
  • libpng-2:1.2.7-3.el4_7.2
  • libpng-devel-2:1.2.7-3.el4_7.2
  • libpng10-0:1.0.16-3.el4_7.3
  • libpng10-devel-0:1.0.16-3.el4_7.3
  • libpng-2:1.2.10-7.1.el5_3.2
  • libpng-devel-2:1.2.10-7.1.el5_3.2
  • libpng-2:1.2.2-29
  • libpng-devel-2:1.2.2-29
  • libpng10-0:1.0.13-20
  • libpng10-devel-0:1.0.13-20
refmap via4
apple
  • APPLE-SA-2009-05-12
  • APPLE-SA-2009-06-08-1
  • APPLE-SA-2009-06-17-1
  • APPLE-SA-2009-08-05-1
bid
  • 33827
  • 33990
bugtraq
  • 20090312 rPSA-2009-0046-1 libpng
  • 20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues
  • 20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
cert
  • TA09-133A
  • TA09-218A
cert-vn VU#649212
confirm
debian
  • DSA-1750
  • DSA-1830
fedora
  • FEDORA-2009-1976
  • FEDORA-2009-2045
  • FEDORA-2009-2882
  • FEDORA-2009-2884
gentoo
  • GLSA-200903-28
  • GLSA-201209-25
mandriva
  • MDVSA-2009:051
  • MDVSA-2009:075
  • MDVSA-2009:083
mlist
  • [png-mng-implement] 20090219 libpng-1.2.35 and libpng-1.0.43 fix security vulnerability
  • [security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server
secunia
  • 33970
  • 33976
  • 34137
  • 34140
  • 34143
  • 34145
  • 34152
  • 34210
  • 34265
  • 34272
  • 34320
  • 34324
  • 34388
  • 34462
  • 34464
  • 35074
  • 35258
  • 35302
  • 35379
  • 35386
  • 36096
slackware
  • SSA:2009-083-02
  • SSA:2009-083-03
sunalert
  • 1020521
  • 259989
suse
  • SUSE-SA:2009:012
  • SUSE-SA:2009:023
  • SUSE-SR:2009:005
vupen
  • ADV-2009-0469
  • ADV-2009-0473
  • ADV-2009-0632
  • ADV-2009-1297
  • ADV-2009-1451
  • ADV-2009-1462
  • ADV-2009-1522
  • ADV-2009-1560
  • ADV-2009-1621
  • ADV-2009-2172
xf libpng-pointer-arrays-code-execution(48819)
Last major update 14-05-2013 - 22:53
Published 22-02-2009 - 17:30
Last modified 11-10-2018 - 16:59