cvelist/2009/0xxx/CVE-2009-0040.json

{
   "CVE_data_meta" : {
      "ASSIGNER" : "cve@mitre.org",
      "ID" : "CVE-2009-0040",
      "STATE" : "PUBLIC"
   },
   "affects" : {
      "vendor" : {
         "vendor_data" : [
            {
               "product" : {
                  "product_data" : [
                     {
                        "product_name" : "n/a",
                        "version" : {
                           "version_data" : [
                              {
                                 "version_value" : "n/a"
                              }
                           ]
                        }
                     }
                  ]
               },
               "vendor_name" : "n/a"
            }
         ]
      }
   },
   "data_format" : "MITRE",
   "data_type" : "CVE",
   "data_version" : "4.0",
   "description" : {
      "description_data" : [
         {
            "lang" : "eng",
            "value" : "The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables."
         }
      ]
   },
   "problemtype" : {
      "problemtype_data" : [
         {
            "description" : [
               {
                  "lang" : "eng",
                  "value" : "n/a"
               }
            ]
         }
      ]
   },
   "references" : {
      "reference_data" : [
         {
            "name" : "20090312 rPSA-2009-0046-1 libpng",
            "refsource" : "BUGTRAQ",
            "url" : "http://www.securityfocus.com/archive/1/501767/100/0/threaded"
         },
         {
            "name" : "20090529 VMSA-2009-0007 VMware Hosted products and ESX and ESXi patches resolve security issues",
            "refsource" : "BUGTRAQ",
            "url" : "http://www.securityfocus.com/archive/1/503912/100/0/threaded"
         },
         {
            "name" : "20090821 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
            "refsource" : "BUGTRAQ",
            "url" : "http://www.securityfocus.com/archive/1/505990/100/0/threaded"
         },
         {
            "name" : "[png-mng-implement] 20090219 libpng-1.2.35 and libpng-1.0.43 fix security vulnerability",
            "refsource" : "MLIST",
            "url" : "http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com"
         },
         {
            "name" : "[security-announce] 20090820 VMSA-2009-0010 VMware Hosted products update libpng and Apache HTTP Server",
            "refsource" : "MLIST",
            "url" : "http://lists.vmware.com/pipermail/security-announce/2009/000062.html"
         },
         {
            "name" : "ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt",
            "refsource" : "CONFIRM",
            "url" : "ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt"
         },
         {
            "name" : "http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt",
            "refsource" : "CONFIRM",
            "url" : "http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt"
         },
         {
            "name" : "http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441",
            "refsource" : "CONFIRM",
            "url" : "http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441"
         },
         {
            "name" : "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document",
            "refsource" : "CONFIRM",
            "url" : "http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document"
         },
         {
            "name" : "http://wiki.rpath.com/Advisories:rPSA-2009-0046",
            "refsource" : "CONFIRM",
            "url" : "http://wiki.rpath.com/Advisories:rPSA-2009-0046"
         },
         {
            "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm",
            "refsource" : "CONFIRM",
            "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm"
         },
         {
            "name" : "http://support.apple.com/kb/HT3549",
            "refsource" : "CONFIRM",
            "url" : "http://support.apple.com/kb/HT3549"
         },
         {
            "name" : "http://www.vmware.com/security/advisories/VMSA-2009-0007.html",
            "refsource" : "CONFIRM",
            "url" : "http://www.vmware.com/security/advisories/VMSA-2009-0007.html"
         },
         {
            "name" : "http://support.apple.com/kb/HT3613",
            "refsource" : "CONFIRM",
            "url" : "http://support.apple.com/kb/HT3613"
         },
         {
            "name" : "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm",
            "refsource" : "CONFIRM",
            "url" : "http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm"
         },
         {
            "name" : "http://support.apple.com/kb/HT3639",
            "refsource" : "CONFIRM",
            "url" : "http://support.apple.com/kb/HT3639"
         },
         {
            "name" : "http://support.apple.com/kb/HT3757",
            "refsource" : "CONFIRM",
            "url" : "http://support.apple.com/kb/HT3757"
         },
         {
            "name" : "APPLE-SA-2009-05-12",
            "refsource" : "APPLE",
            "url" : "http://lists.apple.com/archives/security-announce/2009/May/msg00002.html"
         },
         {
            "name" : "APPLE-SA-2009-06-08-1",
            "refsource" : "APPLE",
            "url" : "http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html"
         },
         {
            "name" : "APPLE-SA-2009-06-17-1",
            "refsource" : "APPLE",
            "url" : "http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html"
         },
         {
            "name" : "APPLE-SA-2009-08-05-1",
            "refsource" : "APPLE",
            "url" : "http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html"
         },
         {
            "name" : "DSA-1750",
            "refsource" : "DEBIAN",
            "url" : "http://www.debian.org/security/2009/dsa-1750"
         },
         {
            "name" : "DSA-1830",
            "refsource" : "DEBIAN",
            "url" : "http://www.debian.org/security/2009/dsa-1830"
         },
         {
            "name" : "FEDORA-2009-1976",
            "refsource" : "FEDORA",
            "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html"
         },
         {
            "name" : "FEDORA-2009-2045",
            "refsource" : "FEDORA",
            "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html"
         },
         {
            "name" : "FEDORA-2009-2882",
            "refsource" : "FEDORA",
            "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html"
         },
         {
            "name" : "FEDORA-2009-2884",
            "refsource" : "FEDORA",
            "url" : "https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html"
         },
         {
            "name" : "GLSA-200903-28",
            "refsource" : "GENTOO",
            "url" : "http://security.gentoo.org/glsa/glsa-200903-28.xml"
         },
         {
            "name" : "GLSA-201209-25",
            "refsource" : "GENTOO",
            "url" : "http://security.gentoo.org/glsa/glsa-201209-25.xml"
         },
         {
            "name" : "MDVSA-2009:051",
            "refsource" : "MANDRIVA",
            "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:051"
         },
         {
            "name" : "MDVSA-2009:075",
            "refsource" : "MANDRIVA",
            "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:075"
         },
         {
            "name" : "MDVSA-2009:083",
            "refsource" : "MANDRIVA",
            "url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2009:083"
         },
         {
            "name" : "RHSA-2009:0315",
            "refsource" : "REDHAT",
            "url" : "http://www.redhat.com/support/errata/RHSA-2009-0315.html"
         },
         {
            "name" : "RHSA-2009:0325",
            "refsource" : "REDHAT",
            "url" : "http://www.redhat.com/support/errata/RHSA-2009-0325.html"
         },
         {
            "name" : "RHSA-2009:0333",
            "refsource" : "REDHAT",
            "url" : "http://www.redhat.com/support/errata/RHSA-2009-0333.html"
         },
         {
            "name" : "RHSA-2009:0340",
            "refsource" : "REDHAT",
            "url" : "http://www.redhat.com/support/errata/RHSA-2009-0340.html"
         },
         {
            "name" : "SSA:2009-083-02",
            "refsource" : "SLACKWARE",
            "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420"
         },
         {
            "name" : "SSA:2009-083-03",
            "refsource" : "SLACKWARE",
            "url" : "http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952"
         },
         {
            "name" : "259989",
            "refsource" : "SUNALERT",
            "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1"
         },
         {
            "name" : "1020521",
            "refsource" : "SUNALERT",
            "url" : "http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1"
         },
         {
            "name" : "SUSE-SR:2009:005",
            "refsource" : "SUSE",
            "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html"
         },
         {
            "name" : "SUSE-SA:2009:012",
            "refsource" : "SUSE",
            "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html"
         },
         {
            "name" : "SUSE-SA:2009:023",
            "refsource" : "SUSE",
            "url" : "http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html"
         },
         {
            "name" : "TA09-133A",
            "refsource" : "CERT",
            "url" : "http://www.us-cert.gov/cas/techalerts/TA09-133A.html"
         },
         {
            "name" : "TA09-218A",
            "refsource" : "CERT",
            "url" : "http://www.us-cert.gov/cas/techalerts/TA09-218A.html"
         },
         {
            "name" : "VU#649212",
            "refsource" : "CERT-VN",
            "url" : "http://www.kb.cert.org/vuls/id/649212"
         },
         {
            "name" : "33827",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/33827"
         },
         {
            "name" : "33990",
            "refsource" : "BID",
            "url" : "http://www.securityfocus.com/bid/33990"
         },
         {
            "name" : "oval:org.mitre.oval:def:10316",
            "refsource" : "OVAL",
            "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316"
         },
         {
            "name" : "oval:org.mitre.oval:def:6458",
            "refsource" : "OVAL",
            "url" : "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458"
         },
         {
            "name" : "34145",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/34145"
         },
         {
            "name" : "34210",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/34210"
         },
         {
            "name" : "34265",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/34265"
         },
         {
            "name" : "34272",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/34272"
         },
         {
            "name" : "34320",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/34320"
         },
         {
            "name" : "34388",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/34388"
         },
         {
            "name" : "34324",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/34324"
         },
         {
            "name" : "34462",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/34462"
         },
         {
            "name" : "34464",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/34464"
         },
         {
            "name" : "35074",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/35074"
         },
         {
            "name" : "35258",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/35258"
         },
         {
            "name" : "35302",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/35302"
         },
         {
            "name" : "35379",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/35379"
         },
         {
            "name" : "35386",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/35386"
         },
         {
            "name" : "36096",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/36096"
         },
         {
            "name" : "34137",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/34137"
         },
         {
            "name" : "34140",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/34140"
         },
         {
            "name" : "34143",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/34143"
         },
         {
            "name" : "34152",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/34152"
         },
         {
            "name" : "ADV-2009-0469",
            "refsource" : "VUPEN",
            "url" : "http://www.vupen.com/english/advisories/2009/0469"
         },
         {
            "name" : "ADV-2009-0473",
            "refsource" : "VUPEN",
            "url" : "http://www.vupen.com/english/advisories/2009/0473"
         },
         {
            "name" : "33970",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/33970"
         },
         {
            "name" : "33976",
            "refsource" : "SECUNIA",
            "url" : "http://secunia.com/advisories/33976"
         },
         {
            "name" : "ADV-2009-0632",
            "refsource" : "VUPEN",
            "url" : "http://www.vupen.com/english/advisories/2009/0632"
         },
         {
            "name" : "ADV-2009-1297",
            "refsource" : "VUPEN",
            "url" : "http://www.vupen.com/english/advisories/2009/1297"
         },
         {
            "name" : "ADV-2009-1451",
            "refsource" : "VUPEN",
            "url" : "http://www.vupen.com/english/advisories/2009/1451"
         },
         {
            "name" : "ADV-2009-1462",
            "refsource" : "VUPEN",
            "url" : "http://www.vupen.com/english/advisories/2009/1462"
         },
         {
            "name" : "ADV-2009-1522",
            "refsource" : "VUPEN",
            "url" : "http://www.vupen.com/english/advisories/2009/1522"
         },
         {
            "name" : "ADV-2009-1560",
            "refsource" : "VUPEN",
            "url" : "http://www.vupen.com/english/advisories/2009/1560"
         },
         {
            "name" : "ADV-2009-1621",
            "refsource" : "VUPEN",
            "url" : "http://www.vupen.com/english/advisories/2009/1621"
         },
         {
            "name" : "ADV-2009-2172",
            "refsource" : "VUPEN",
            "url" : "http://www.vupen.com/english/advisories/2009/2172"
         },
         {
            "name" : "libpng-pointer-arrays-code-execution(48819)",
            "refsource" : "XF",
            "url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/48819"
         }
      ]
   }
}