CVE-2009-0040

by Fred · 22/02/2009

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.

Date published : 2009-02-22

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

CVE-2009-0040

Similar

Recent Posts

Categories

CVE-2009-0040

Share this:

Similar

Recent Posts

Categories

Tags