CVE-2009-2042

Published: 12/06/2009 Updated: 17/08/2017
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Vulnerability Summary

libpng prior to 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote malicious users to read portions of sensitive memory via "out-of-bounds pixels" in the file.

Vulnerable Product

libpng libpng 0.89c

libpng libpng 1.0.11

libpng libpng 1.0.13

libpng libpng 1.0.15

libpng libpng 1.0.16

libpng libpng 1.0.2

libpng libpng 1.0.22

libpng libpng 1.2.18

libpng libpng 1.2.1

libpng libpng 1.2.17

libpng libpng 1.2.16

libpng libpng 1.2.13

libpng libpng 1.2.19

libpng libpng 1.2.10

libpng libpng 1.0.8

libpng libpng 1.0.9

libpng libpng 1.2.14

libpng libpng 1.2.15

libpng libpng 1.2.11

libpng libpng 1.2.23

libpng libpng 1.2.24

libpng libpng 1.2.22

libpng libpng 1.2.20

libpng libpng 1.2.2

libpng libpng 1.2.26

libpng libpng 1.2.25

libpng libpng 1.2.3

libpng libpng 1.0.10

libpng libpng 1.0.19

libpng libpng 1.0.21

libpng libpng 1.2.0

libpng libpng 1.0.1

libpng libpng 1.0.12

libpng libpng 1.0.17

libpng libpng 1.0.18

libpng libpng 1.0.23

libpng libpng 1.0.20

libpng libpng 1.0.7

libpng libpng 1.2.21

libpng libpng 1.2.31

libpng libpng 1.2.33

libpng libpng 1.2.34

libpng libpng

libpng libpng 0.95

libpng libpng 1.0.0

libpng libpng 1.0.14

libpng libpng 1.2.30

Vendor Advisories

Debian Bug report logs - #533676 libpng: CVE-2009-2042 "out-of-bounds pixels" vulnerability. Package: libpng; Maintainer for libpng is Anibal Monsalve Salazar <anibal@debian.org>; Reported by: Michael S. Gilbert <michaelsgilbert@gmail.com>; Date: Fri, 19 Jun 2009 18:09:04 UTC; Severity: serious; Tags: security; Found in ...
It was discovered that libpng did not properly initialize memory when decoding certain 1-bit interlaced images. If a user or automated system were tricked into processing crafted PNG images, an attacker could possibly use this flaw to read sensitive information stored in memory. This issue only affected Ubuntu 6.06 LTS, 8.04 LTS, 8.10 and 9.04. (CV ...
Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2009-2042: libpng does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bit ...

References

CWE-200
http://www.securityfocus.com/bid/35233
http://secunia.com/advisories/35346
http://www.vupen.com/english/advisories/2009/1510
http://www.libpng.org/pub/png/libpng.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00630.html
https://www.redhat.com/archives/fedora-package-announce/2009-June/msg00218.html
http://secunia.com/advisories/35470
http://secunia.com/advisories/35524
http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.551809
http://security.gentoo.org/glsa/glsa-200906-01.xml
http://secunia.com/advisories/35594
http://ubuntu.com/usn/usn-913-1
http://www.vupen.com/english/advisories/2010/0637
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
http://support.apple.com/kb/HT4077
http://secunia.com/advisories/39215
http://lists.vmware.com/pipermail/security-announce/2010/000090.html
http://archives.neohapsis.com/archives/bugtraq/2010-04/0077.html
http://archives.neohapsis.com/archives/fulldisclosure/2010-04/0121.html
http://secunia.com/advisories/39206
http://www.vmware.com/security/advisories/VMSA-2010-0007.html
http://secunia.com/advisories/39251
http://www.debian.org/security/2010/dsa-2032
http://www.vupen.com/english/advisories/2010/0847
http://www.mandriva.com/security/advisories?name=MDVSA-2010:063
http://www.vupen.com/english/advisories/2010/0682
https://exchange.xforce.ibmcloud.com/vulnerabilities/50966
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=533676
https://usn.ubuntu.com/913-1/
https://nvd.nist.gov