Launchpad.net

CVE 2009-2042

libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://www.libpng.org/...
BID: 35233
SECUNIA: 35346
VUPEN: ADV-2009-1510
FEDORA: FEDORA-2009-5977
FEDORA: FEDORA-2009-6400
SECUNIA: 35470
SECUNIA: 35524
GENTOO: GLSA-200906-01
SECUNIA: 35594
UBUNTU: USN-913-1
VUPEN: ADV-2010-0637
CONFIRM: http://support.apple.c...
APPLE: APPLE-SA-2010-03-29-1
BUGTRAQ: 20100409 VMSA-2010-000...
FULLDISC: 20100409 VMSA-2010-000...
MLIST: [security-announce] 20...
CONFIRM: http://www.vmware.com/...
SECUNIA: 39206
SECUNIA: 39215
DEBIAN: DSA-2032
SECUNIA: 39251
VUPEN: ADV-2010-0847
MANDRIVA: MDVSA-2010:063
VUPEN: ADV-2010-0682
SLACKWARE: SSA:2009-170-01
XF: libpng-interlaced-imag...

Launchpad.net

CVE 2009-2042

Related bugs

References