Your submission was sent successfully! Close

CVE-2009-5063

Published: 31 August 2011

Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.

Priority

Low

Status

Package Release Status
libpng
Launchpad, Ubuntu, Debian
hardy
Released (1.2.15~beta5-3ubuntu0.5)
lucid Not vulnerable

maverick Not vulnerable

natty Not vulnerable

oneiric Not vulnerable

upstream
Released (1.2.39beta05)
Patches:
upstream: http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=9e88fcd58c8ce7f2183bc2045e5180cba0043f09#patch19