CVE-2009-5063

Published: 8/31/2011 Last updated: 8/7/2024 Reserved: 3/28/2011

Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.

CNA assigner: mitre (8254265b-2729-46b6-b9e3-3dfca2d5bfca) Requested by: n/a

Opam packages affected (4)

conf-gd conf-libpng grib qrencode

Products affected (1)

Product	Vendor	Version
n/a	n/a	Workstation (14.x before 14.1.6)

References (10)

http://secunia.com/advisories/49660
http://www.openwall.com/lists/oss-security/2011/03/22/7
http://security.gentoo.org/glsa/glsa-201206-15.xml
http://www.openwall.com/lists/oss-security/2011/03/28/6
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18
http://secunia.com/advisories/49660
http://www.openwall.com/lists/oss-security/2011/03/22/7
http://security.gentoo.org/glsa/glsa-201206-15.xml
http://www.openwall.com/lists/oss-security/2011/03/28/6
http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18