New Search

Libpng Library Uninitialized Pointer Arrays Memory Corruption Vulnerability

oval:org.mitre.oval:def:6458

The PNG reference library (aka libpng) before 1.0.43 and 1.2.x before 1.2.35 as used in pngcrush and other applications allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function (2) pCAL chunk handling or (3) setup of 16-bit gamma tables.

Family:
unix
Status:
ACCEPTED
Platform(s):
  • VMWare ESX Server 3.5
  • VMWare ESX Server 3
Class:
vulnerability
Reference(s):
  • CVE-2009-0040
Product(s):