CVE 2009-0040
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Related bugs and status
CVE-2009-0040 (Candidate) is related to these bugs:
Bug #152516: kompozer tip dialog does not close, if main dialog is destroyed
Bug | Summary | In | Importance | Status
---|---|---|---|---
152516 | kompozer tip dialog does not close, if main dialog is destroyed | kompozer (Ubuntu) | Undecided | Fix Released
152516 | kompozer tip dialog does not close, if main dialog is destroyed | KompoZer | Unknown | Unknown
Bug #217128: CVE-2008-1382: libpng zero-length chunks incorrect handling
Bug | Summary | In | Importance | Status
---|---|---|---|---
217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu) | Undecided | Fix Released
217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Dapper) | Undecided | Fix Released
217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Feisty) | Undecided | Won't Fix
217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Gutsy) | Undecided | Fix Released
217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Hardy) | Undecided | Fix Released
Bug #244227: KompoZer cannot display the right Chinese fonts
Bug | Summary | In | Importance | Status
---|---|---|---|---
244227 | KompoZer cannot display the right Chinese fonts | kompozer (Ubuntu) | Undecided | Fix Released
Bug #260021: kompozer-bin crashed with SIGSEGV in nsTimerImpl::Fire()
Bug | Summary | In | Importance | Status
---|---|---|---|---
260021 | kompozer-bin crashed with SIGSEGV in nsTimerImpl::Fire() | kompozer (Ubuntu) | Medium | Fix Released
Bug #263441: kompozer crashes in intrepid when opening the recent files menu
Bug | Summary | In | Importance | Status
---|---|---|---|---
263441 | kompozer crashes in intrepid when opening the recent files menu | kompozer (Ubuntu) | Undecided | Fix Released
263441 | kompozer crashes in intrepid when opening the recent files menu | Baltix | Undecided | New
Bug #276290: kompozer-bin crashed with SIGSEGV in g_closure_invoke()
Bug | Summary | In | Importance | Status
---|---|---|---|---
276290 | kompozer-bin crashed with SIGSEGV in g_closure_invoke() | kompozer (Ubuntu) | Medium | Fix Released
Bug #309655: Seamonkey 1.1.14 security upgrade
Bug | Summary | In | Importance | Status
---|---|---|---|---
309655 | Seamonkey 1.1.14 security upgrade | seamonkey (Ubuntu) | Critical | Fix Released
309655 | Seamonkey 1.1.14 security upgrade | seamonkey (Ubuntu Hardy) | Critical | Fix Released
309655 | Seamonkey 1.1.14 security upgrade | seamonkey (Ubuntu Intrepid) | Critical | Fix Released
Bug #324258: [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location
Bug | Summary | In | Importance | Status
---|---|---|---|---
324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu) | Low | Fix Released
324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Dapper) | Low | Fix Released
324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Gutsy) | Low | Fix Released
324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Jaunty) | Low | Fix Released
324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Intrepid) | Low | Fix Released
324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Hardy) | Low | Fix Released
Bug #338027: libpng code injection CVE-2009-0040
Bug | Summary | In | Importance | Status
---|---|---|---|---
338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu) | Medium | Fix Released
338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Dapper) | Medium | Fix Released
338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Gutsy) | Medium | Fix Released
338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Hardy) | Medium | Fix Released
338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Intrepid) | Medium | Fix Released
338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Jaunty) | Medium | Fix Released
Bug #365163: kompozer keeps crashing
Bug | Summary | In | Importance | Status
---|---|---|---|---
365163 | kompozer keeps crashing | kompozer (Ubuntu) | Undecided | Fix Released
Bug #469752: firefox,3.5/3.6 startup-notification bug
Bug | Summary | In | Importance | Status
---|---|---|---|---
469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Ubuntu) | Medium | Invalid
469752 | firefox,3.5/3.6 startup-notification bug | Mozilla Firefox | Medium | Fix Released
469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Suse) | Medium | Fix Released
469752 | firefox,3.5/3.6 startup-notification bug | firefox (Ubuntu) | Medium | Fix Released
469752 | firefox,3.5/3.6 startup-notification bug | firefox (Ubuntu Lucid) | Medium | Fix Released
469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Ubuntu Lucid) | Medium | Invalid
See the CVE page on Mitre.org for more details.