CERT/CC Vulnerability Note VU#649212

Overview

Libpng contains a vulnerability in the way element pointers are handled.

Description

A vulnerability in the way libpng handles element pointers may result in uninitialized element pointers. This vulnerability is due to an off-by-one error introduced in multiple functions in libpng-0.89c. According to the PNG Development Group:

If the application runs out of memory during the loop, some of the element pointers will be uninitialized. Libpng will then longjmp to a cleanup process that attempts to free all of the elements in the array, including the uninitialized ones. This behavior could be forced by a malevolent input.

Note that this issue affects all versions of libpng prior to libpng-1.0.43 and libpng-1.2.35.

Impact

This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service.

Solution

Upgrade
The PNG Development Group has issued an upgrade to address this issue. See libpng version 1.2.35 for more information.

Vendor Information

649212

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

libpng Affected

3com, Inc. Unknown

ACCESS Unknown

AT&T Unknown

Alcatel-Lucent Unknown

Apple Computer, Inc. Unknown

Avaya, Inc. Unknown

Barracuda Networks Unknown

Belkin, Inc. Unknown

Borderware Technologies Unknown

Bro Unknown

Charlotte's Web Networks Unknown

Check Point Software Technologies Unknown

Cisco Systems, Inc. Unknown

Clavister Unknown

Computer Associates Unknown

Computer Associates eTrust Security Management Unknown

Conectiva Inc. Unknown

Cray Inc. Unknown

D-Link Systems, Inc. Unknown

Debian GNU/Linux Unknown

DragonFly BSD Project Unknown

EMC Corporation Unknown

Engarde Secure Linux Unknown

Enterasys Networks Unknown

Ericsson Unknown

Extreme Networks Unknown

F5 Networks, Inc. Unknown

Fedora Project Unknown

Force10 Networks, Inc. Unknown

Fortinet, Inc. Unknown

Foundry Networks, Inc. Unknown

FreeBSD, Inc. Unknown

Fujitsu Unknown

Gentoo Linux Unknown

Global Technology Associates Unknown

Hewlett-Packard Company Unknown

Hitachi Unknown

IBM Corporation Unknown

IBM Corporation (zseries) Unknown

IBM eServer Unknown

IP Filter Unknown

Ingrian Networks, Inc. Unknown

Intel Corporation Unknown

Internet Security Systems, Inc. Unknown

Intoto Unknown

Juniper Networks, Inc. Unknown

Luminous Networks Unknown

Mandriva S. A. Unknown

McAfee Unknown

Microsoft Corporation Unknown

MontaVista Software, Inc. Unknown

Multitech, Inc. Unknown

NEC Corporation Unknown

NetApp Unknown

NetBSD Unknown

Nokia Unknown

Nortel Networks, Inc. Unknown

Novell, Inc. Unknown

OpenBSD Unknown

Openwall GNU/*/Linux Unknown

PePLink Unknown

Process Software Unknown

Q1 Labs Unknown

QNX, Software Systems, Inc. Unknown

Quagga Unknown

RadWare, Inc. Unknown

Red Hat, Inc. Unknown

Redback Networks, Inc. Unknown

SUSE Linux Unknown

Secureworx, Inc. Unknown

Silicon Graphics, Inc. Unknown

Slackware Linux Inc. Unknown

SmoothWall Unknown

Snort Unknown

Soapstone Networks Unknown

Sony Corporation Unknown

Sourcefire Unknown

Stonesoft Unknown

Sun Microsystems, Inc. Unknown

Symantec, Inc. Unknown

The SCO Group Unknown

TippingPoint, Technologies, Inc. Unknown

Turbolinux Unknown

U4EA Technologies, Inc. Unknown

Ubuntu Unknown

Unisys Unknown

Vyatta Unknown

Watchguard Technologies, Inc. Unknown

Wind River Systems, Inc. Unknown

ZyXEL Unknown

eSoft, Inc. Unknown

m0n0wall Unknown

netfilter Unknown

View all 94 vendors View less vendors

CVSS Metrics

Group	Score	Vector
Base	0	AV:--/AC:--/Au:--/C:--/I:--/A:--
Temporal	0	E:Not Defined (ND)/RL:Not Defined (ND)/RC:Not Defined (ND)
Environmental	0	CDP:Not Defined (ND)/TD:Not Defined (ND)/CR:Not Defined (ND)/IR:Not Defined (ND)/AR:Not Defined (ND)

References

http://secunia.com/advisories/33970/3/

Acknowledgements

This issue was reported by the PNG Development Group in libpng version 1.2.35.

This document was written by Chris Taschner.

Other Information

CVE IDs:	CVE-2009-0040
Severity Metric:	3.49
Date Public:	2009-02-19
Date First Published:	2009-03-02
Date Last Updated:	2009-03-06 15:39 UTC
Document Revision:	12

Software Engineering Institute

CERT Coordination Center

libpng fails to properly initialize element pointers

Vulnerability Note VU#649212