CVE-2009-2042
Publication date 12 June 2009
Last updated 24 July 2024
Ubuntu priority
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via “out-of-bounds pixels” in the file.
Status
Package | Ubuntu Release | Status |
---|---|---|
libpng | 9.10 karmic |
Not affected
|
9.04 jaunty |
Fixed 1.2.27-2ubuntu2.1
|
|
8.10 intrepid |
Fixed 1.2.27-1ubuntu0.2
|
|
8.04 LTS hardy |
Fixed 1.2.15~beta5-3ubuntu0.2
|
|
6.06 LTS dapper |
Fixed 1.2.8rel-5ubuntu0.5
|
|
mozilla-thunderbird | 9.10 karmic | Not in release |
9.04 jaunty | Not in release | |
8.10 intrepid | Not in release | |
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Ignored end of life | |
seamonkey | 9.10 karmic | Ignored end of life |
9.04 jaunty | Ignored end of life | |
8.10 intrepid | Ignored end of life | |
8.04 LTS hardy | Ignored end of life | |
6.06 LTS dapper | Not in release | |
thunderbird | 9.10 karmic | Ignored end of life |
9.04 jaunty | Ignored end of life | |
8.10 intrepid | Ignored end of life | |
8.04 LTS hardy | Ignored end of life | |
6.06 LTS dapper | Not in release | |
xulrunner | 9.10 karmic | Ignored end of life |
9.04 jaunty | Ignored end of life | |
8.10 intrepid | Ignored end of life | |
8.04 LTS hardy | Ignored end of life | |
6.06 LTS dapper | Not in release | |
xulrunner-1.9 | 9.10 karmic | Not in release |
9.04 jaunty |
Fixed 1.9.0.7+nobinonly-0ubuntu1
|
|
8.10 intrepid |
Fixed 1.9.0.7+nobinonly-0ubuntu0.8.10.1
|
|
8.04 LTS hardy |
Fixed 1.9.0.7+nobinonly-0ubuntu0.8.04.1
|
|
6.06 LTS dapper | Not in release | |
xulrunner-1.9.1 | 9.10 karmic |
Not affected
|
9.04 jaunty |
Fixed 1.9.1.3+build1+nobinonly-0ubuntu0.9.04.2
|
|
8.10 intrepid | Not in release | |
8.04 LTS hardy | Not in release | |
6.06 LTS dapper | Not in release |
Patch details
Package | Patch details |
---|---|
libpng |