exploit the possibilities
Showing 1 - 12 of 12 RSS Feed

CVE-2009-0040

Status Candidate

Overview

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.

Related Files

Gentoo Linux Security Advisory 201412-08
Posted Dec 12, 2014
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201412-8 - This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution.

tags | advisory, remote, local, vulnerability, code execution
systems | linux, gentoo
advisories | CVE-2006-3005, CVE-2007-2741, CVE-2008-0553, CVE-2008-1382, CVE-2008-5907, CVE-2008-6218, CVE-2008-6661, CVE-2009-0040, CVE-2009-0360, CVE-2009-0361, CVE-2009-0946, CVE-2009-2042, CVE-2009-2624, CVE-2009-3736, CVE-2009-4029, CVE-2009-4411, CVE-2009-4896, CVE-2010-0001, CVE-2010-0436, CVE-2010-0732, CVE-2010-0829, CVE-2010-1000, CVE-2010-1205, CVE-2010-1511, CVE-2010-2056, CVE-2010-2060, CVE-2010-2192, CVE-2010-2251
MD5 | 4988293251dc9709a0f0caf5c1076c9b
Gentoo Linux Security Advisory 201209-25
Posted Sep 30, 2012
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201209-25 - Multiple vulnerabilities have been found in VMware Player, Server, and Workstation, allowing remote and local attackers to conduct several attacks, including privilege escalation, remote execution of arbitrary code, and a Denial of Service.

tags | advisory, remote, denial of service, arbitrary, local, vulnerability
systems | linux, gentoo
advisories | CVE-2007-5269, CVE-2007-5503, CVE-2007-5671, CVE-2008-0967, CVE-2008-1340, CVE-2008-1361, CVE-2008-1362, CVE-2008-1363, CVE-2008-1364, CVE-2008-1392, CVE-2008-1447, CVE-2008-1806, CVE-2008-1807, CVE-2008-1808, CVE-2008-2098, CVE-2008-2100, CVE-2008-2101, CVE-2008-4915, CVE-2008-4916, CVE-2008-4917, CVE-2009-0040, CVE-2009-0909, CVE-2009-0910, CVE-2009-1244, CVE-2009-2267, CVE-2009-3707, CVE-2009-3732, CVE-2009-3733
MD5 | 51bbb06deb17fab0f37713179ca258d1
VMware Security Advisory 2009-0010
Posted Aug 23, 2009
Authored by VMware | Site vmware.com

VMware Security Advisory - Several flaws were discovered in the way third party library libpng handled uninitialized pointers. An attacker could create a PNG image file in such a way, that when loaded by an application linked to libpng, it could cause the application to crash or execute arbitrary code at the privilege level of the user that runs the application. The new version of ACE updates the Apache HTTP Server on Windows hosts to version 2.0.63 which addresses multiple security issues that existed in the previous versions of this server.

tags | advisory, web, arbitrary
systems | windows
advisories | CVE-2009-0040, CVE-2007-3847, CVE-2007-1863, CVE-2006-5752, CVE-2007-3304, CVE-2007-6388, CVE-2007-5000, CVE-2008-0005
MD5 | 7061fd1e541c6f85002c9410d31ac29f
Debian Linux Security Advisory 1830-1
Posted Jul 13, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1830-1 - Several remote vulnerabilities have been discovered in the Icedove mail client, an unbranded version of the Thunderbird mail client.

tags | advisory, remote, vulnerability
systems | linux, debian
advisories | CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0652, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0776, CVE-2009-1302, CVE-2009-1303, CVE-2009-1307, CVE-2009-1832, CVE-2009-1392, CVE-2009-1836, CVE-2009-1838, CVE-2009-1841
MD5 | 3d65362c1f3925b631feb50cdfab2cc1
VMware Security Advisory 2009-0007
Posted May 29, 2009
Authored by VMware | Site vmware.com

VMware Security Advisory - VMware Hosted products and ESX and ESXi patches resolve a security issue. Update patch 13 for ESX 2.5.5 updates the libpng Service Console RPM.

tags | advisory
advisories | CVE-2009-1805, CVE-2009-0040, CVE-2008-1382
MD5 | e321e1b1f68ac98ae02ac51e9497b6c7
Mandriva Linux Security Advisory 2009-083
Posted Apr 1, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-083 - A number of security vulnerabilities have been discovered in previous versions, and corrected in the latest Mozilla Thunderbird program, version 2.0.0.21. This update provides the latest Thunderbird to correct these issues. Additionally, Mozilla Thunderbird released with Mandriva Linux 2009.0, when used with Enigmail extension on x86_64 architecture, would freeze whenever any Enigmail function was used. Also, when used on i586 architecture, Thunderbird would crash when sending an email, if a file with an unknown extension was attached to it. This update also fixes those issues.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-0040, CVE-2009-0352, CVE-2009-0353, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0776
MD5 | 4d7384fe939a23dc3b0be4fff05ff526
Debian Linux Security Advisory 1750-1
Posted Mar 24, 2009
Authored by Debian | Site debian.org

Debian Security Advisory 1750-1 - Several vulnerabilities have been discovered in libpng, a library for reading and writing PNG files.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2007-2445, CVE-2007-5269, CVE-2008-1382, CVE-2008-5907, CVE-2008-6218, CVE-2009-0040
MD5 | 083131ff682dc91a93d2365ba18a5826
Gentoo Linux Security Advisory 200903-28
Posted Mar 16, 2009
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory GLSA 200903-28 - Multiple vulnerabilities were found in libpng, which might result in the execution of arbitrary code. Versions less than 1.2.35 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2008-5907, CVE-2008-6218, CVE-2009-0040
MD5 | 3300d7d98434fc08c515ca440028bcf9
Mandriva Linux Security Advisory 2009-075
Posted Mar 13, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-075 - Security vulnerabilities have been discovered and corrected in the latest Mozilla Firefox 3.x, version 3.0.7. This update provides the latest Mozilla Firefox 3.x to correct these issues. As Mozilla Firefox 2.x has been phased out, version 3.x is also being provided for Mandriva Linux 2008 Spring. Additionally some software has also been rebuilt against Mozilla Firefox 3.0.7 which should take care of upgrade problems.

tags | advisory, vulnerability
systems | linux, mandriva
advisories | CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775, CVE-2009-0776, CVE-2009-0777
MD5 | 2016fd3346271fdedea416b6a16ab6a8
Ubuntu Security Notice 730-1
Posted Mar 6, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-730-1 - A large amount of vulnerabilities in libpng have been addressed. These range from denial of service to remote code execution issues.

tags | advisory, remote, denial of service, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2007-5268, CVE-2007-5269, CVE-2008-1382, CVE-2008-3964, CVE-2008-5907, CVE-2009-0040
MD5 | 1fca946060331888f2fd899bad007ec7
Ubuntu Security Notice 728-1
Posted Mar 6, 2009
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice USN-728-1 - Various vulnerabilities in Firefox have been addressed. The embedded libpng has been updated. Multiple flaws withing Firefox that could allow for denial of service or code execution have also been addressed.

tags | advisory, denial of service, vulnerability, code execution
systems | linux, ubuntu
advisories | CVE-2009-0040, CVE-2009-0771, CVE-2009-0772, CVE-2009-0773, CVE-2009-0774, CVE-2009-0775, CVE-2009-0776, CVE-2009-0777
MD5 | d1e167269a00f9ec426c8adb63d4a375
Mandriva Linux Security Advisory 2009-051
Posted Feb 23, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-051 - A number of vulnerabilities have been found and corrected in libpng. Fixed 1-byte buffer overflow in pngpread.c. This was allready fixed in Mandriva Linux 2009.0. Fix the function png_check_keyword() that allowed setting arbitrary bytes in the process memory to 0. Fix a potential DoS (Denial of Service) or to potentially compromise an application using the library. The updated packages have been patched to prevent this.

tags | advisory, denial of service, overflow, arbitrary, vulnerability
systems | linux, mandriva
advisories | CVE-2008-3964, CVE-2008-5907, CVE-2009-0040
MD5 | 510a300d031bdeaa14bdb9ebc4e955d9
Page 1 of 1
Back1Next

File Archive:

October 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    24 Files
  • 2
    Oct 2nd
    15 Files
  • 3
    Oct 3rd
    7 Files
  • 4
    Oct 4th
    4 Files
  • 5
    Oct 5th
    10 Files
  • 6
    Oct 6th
    1 Files
  • 7
    Oct 7th
    21 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    5 Files
  • 10
    Oct 10th
    20 Files
  • 11
    Oct 11th
    17 Files
  • 12
    Oct 12th
    4 Files
  • 13
    Oct 13th
    4 Files
  • 14
    Oct 14th
    15 Files
  • 15
    Oct 15th
    19 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close