[Bug 504782] CVE-2009-2042 libpng: Interlaced Images Information Disclosure Vulnerability

bugzilla at redhat.com bugzilla at redhat.com
Fri Jun 12 20:43:20 UTC 2009

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.


Vincent Danen <vdanen at redhat.com> changed:

           What    |Removed                     |Added
                 CC|                            |vdanen at redhat.com
            Summary|libpng: Interlaced Images   |CVE-2009-2042 libpng:
                   |Information Disclosure      |Interlaced Images
                   |Vulnerability               |Information Disclosure
                   |                            |Vulnerability
              Alias|                            |CVE-2009-2042

--- Comment #10 from Vincent Danen <vdanen at redhat.com>  2009-06-12 16:43:18 EDT ---
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-2042 to
the following vulnerability:

Name: CVE-2009-2042
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
Assigned: 20090612
Reference: CONFIRM: http://www.libpng.org/pub/png/libpng.html
Reference: BID:35233
Reference: URL: http://www.securityfocus.com/bid/35233
Reference: SECUNIA:35346
Reference: URL: http://secunia.com/advisories/35346
Reference: VUPEN:ADV-2009-1510
Reference: URL: http://www.vupen.com/english/advisories/2009/1510
Reference: XF:libpng-interlaced-image-info-disclosure(50966)
Reference: URL: http://xforce.iss.net/xforce/xfdb/50966

libpng before 1.2.37 does not properly parse 1-bit interlaced images
with width values that are not divisible by 8, which causes libpng to
include uninitialized bits in certain rows of a PNG file and might
allow remote attackers to read portions of sensitive memory via
"out-of-bounds pixels" in the file.

Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.

More information about the mingw mailing list