CVE-2009-0040

MEDIUM

Description

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.

References

ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt

http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt

http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html

http://lists.vmware.com/pipermail/security-announce/2009/000062.html

http://secunia.com/advisories/33970

http://secunia.com/advisories/33976

http://secunia.com/advisories/34137

http://secunia.com/advisories/34140

http://secunia.com/advisories/34143

http://secunia.com/advisories/34145

http://secunia.com/advisories/34152

http://secunia.com/advisories/34210

http://secunia.com/advisories/34265

http://secunia.com/advisories/34272

http://secunia.com/advisories/34320

http://secunia.com/advisories/34324

http://secunia.com/advisories/34388

http://secunia.com/advisories/34462

http://secunia.com/advisories/34464

http://secunia.com/advisories/35074

http://secunia.com/advisories/35258

http://secunia.com/advisories/35302

http://secunia.com/advisories/35379

http://secunia.com/advisories/35386

http://secunia.com/advisories/36096

http://security.gentoo.org/glsa/glsa-200903-28.xml

http://security.gentoo.org/glsa/glsa-201209-25.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952

http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com

http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441

http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1

http://support.apple.com/kb/HT3549

http://support.apple.com/kb/HT3613

http://support.apple.com/kb/HT3639

http://support.apple.com/kb/HT3757

http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm

http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm

http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document

http://wiki.rpath.com/Advisories:rPSA-2009-0046

http://www.debian.org/security/2009/dsa-1750

http://www.debian.org/security/2009/dsa-1830

http://www.kb.cert.org/vuls/id/649212

http://www.mandriva.com/security/advisories?name=MDVSA-2009:051

http://www.mandriva.com/security/advisories?name=MDVSA-2009:075

http://www.mandriva.com/security/advisories?name=MDVSA-2009:083

http://www.redhat.com/support/errata/RHSA-2009-0315.html

http://www.redhat.com/support/errata/RHSA-2009-0325.html

http://www.redhat.com/support/errata/RHSA-2009-0333.html

http://www.redhat.com/support/errata/RHSA-2009-0340.html

http://www.securityfocus.com/archive/1/501767/100/0/threaded

http://www.securityfocus.com/archive/1/503912/100/0/threaded

http://www.securityfocus.com/archive/1/505990/100/0/threaded

http://www.securityfocus.com/bid/33827

http://www.securityfocus.com/bid/33990

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.us-cert.gov/cas/techalerts/TA09-218A.html

http://www.vmware.com/security/advisories/VMSA-2009-0007.html

http://www.vupen.com/english/advisories/2009/0469

http://www.vupen.com/english/advisories/2009/0473

http://www.vupen.com/english/advisories/2009/0632

http://www.vupen.com/english/advisories/2009/1297

http://www.vupen.com/english/advisories/2009/1451

http://www.vupen.com/english/advisories/2009/1462

http://www.vupen.com/english/advisories/2009/1522

http://www.vupen.com/english/advisories/2009/1560

http://www.vupen.com/english/advisories/2009/1621

http://www.vupen.com/english/advisories/2009/2172

https://exchange.xforce.ibmcloud.com/vulnerabilities/48819

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html

Details

Source: MITRE

Published: 2009-02-22

Updated: 2018-10-11

Type: CWE-94

Risk Information

CVSS v2.0

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:libpng:libpng:0.89c:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:0.95:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:a:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:d:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:e:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:f:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:g:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:h:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:i:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:j:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:beta11:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:beta12:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:beta13:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:beta14:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:beta15:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:beta16:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:beta17:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:beta18:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.8:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.8:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.8:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.8:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.8:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta10:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta7:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta8:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta9:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.10:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.10:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.11:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.11:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.11:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.11:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.12:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.12:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.15:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.15:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.15:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.15:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.16:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.17:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.17:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.18:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.19:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.19:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.19:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.19:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.19:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.20:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.21:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.21:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.21:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.22:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.22:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.23:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.23:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.23:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.23:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.23:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.23:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.24:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.24:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.25:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.25:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.25:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.26:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.27:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.27:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.27:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.27:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.27:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.27:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.27:rc6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.28:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.28:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.28:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.28:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.28:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.28:rc6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.29:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.29:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.29:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.29:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.29:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.30:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.31:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.32:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.33:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.34:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.35:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.37:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.38:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.39:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.40:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.41:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:* versions up to 1.0.42 (inclusive)

cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.0:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.0:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.0:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.0:beta5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.1:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.1:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.1:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.1:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.1:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.1:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.2:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.2:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.2:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.2:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.2:beta5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.2:beta6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.2:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.3:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.3:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.3:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.3:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.3:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.3:rc6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.4:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.4:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.4:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.4:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.5:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.5:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.5:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.5:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.5:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.5:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.7:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.7:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.7:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:beta5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta10:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta7:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta8:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta9:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:beta5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:beta6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:beta7:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.13:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.13:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.13:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.14:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.14:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.14:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:beta5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:beta6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.16:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.16:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.16:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.17:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.17:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.17:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.17:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.17:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.17:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta10:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta11:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta12:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta13:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta14:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta15:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta16:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta17:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta18:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta19:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta20:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta21:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta22:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta23:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta24:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta25:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta26:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta27:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta28:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta29:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta30:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta31:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta32:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta33:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta7:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta8:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta9:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:rc6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.20:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.20:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.20:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.20:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.20:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.20:rc6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.21:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.21:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.21:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.21:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.21:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.22:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.22:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.22:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.22:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.22:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.25:beta03:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.25:beta04:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.25:beta05:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.25:beta06:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.25:rc01:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.25:rc02:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.26:beta01:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.26:beta02:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.26:beta03:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.26:beta04:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.26:beta05:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.26:beta06:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.26:rc01:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*

Tenable Plugins

View all (81 total)

IDNameProductFamilySeverity
107983Solaris 10 (x86) : 137081-10NessusSolaris Local Security Checks
high
107982Solaris 10 (x86) : 137081-09NessusSolaris Local Security Checks
high
107981Solaris 10 (x86) : 137081-07NessusSolaris Local Security Checks
high
107485Solaris 10 (sparc) : 137080-10NessusSolaris Local Security Checks
high
107484Solaris 10 (sparc) : 137080-09NessusSolaris Local Security Checks
high
107483Solaris 10 (sparc) : 137080-07NessusSolaris Local Security Checks
high
79961GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010NessusGentoo Local Security Checks
critical
78231F5 Networks BIG-IP : libpng vulnerability (SOL9988)NessusF5 Networks Local Security Checks
medium
67820Oracle Linux 3 : libpng (ELSA-2009-0340)NessusOracle Linux Local Security Checks
medium
67815Oracle Linux 4 / 5 : libpng (ELSA-2009-0333)NessusOracle Linux Local Security Checks
high
67811Oracle Linux 3 / 4 : seamonkey (ELSA-2009-0325)NessusOracle Linux Local Security Checks
critical
67810Oracle Linux 4 / 5 : firefox (ELSA-2009-0315)NessusOracle Linux Local Security Checks
critical
62383GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
60540Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60539Scientific Linux Security Update : libpng on SL3.x, SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
60538Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
44695Debian DSA-1830-1 : icedove - several vulnerabilitiesNessusDebian Local Security Checks
critical
43731CentOS 4 : libpng (CESA-2009:0333)NessusCentOS Local Security Checks
high
41548SuSE 10 Security Update : libpng (ZYPP Patch Number 6024)NessusSuSE Local Security Checks
medium
41547SuSE 10 Security Update : libpng (ZYPP Patch Number 6003)NessusSuSE Local Security Checks
medium
41467SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 6187)NessusSuSE Local Security Checks
critical
41425SuSE 11 Security Update : libpng (SAT Patch Number 638)NessusSuSE Local Security Checks
medium
41352SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 656)NessusSuSE Local Security Checks
critical
41281SuSE9 Security Update : libpng (YOU Patch Number 12358)NessusSuSE Local Security Checks
medium
41279SuSE9 Security Update : libpng (YOU Patch Number 12353)NessusSuSE Local Security Checks
medium
800789Mac OS X 10.5 < 10.5.8 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high
5122Mac OS X 10.5 < 10.5.8 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
40502Mac OS X 10.5.x < 10.5.8 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
40501Mac OS X Multiple Vulnerabilities (Security Update 2009-003)NessusMacOS X Local Security Checks
critical
40392VMSA-2009-0007 : VMware Hosted products and ESX and ESXi patches resolve security issuesNessusVMware ESX Local Security Checks
high
40309openSUSE Security Update : seamonkey (seamonkey-1014)NessusSuSE Local Security Checks
critical
40265openSUSE Security Update : libpng-devel (libpng-devel-558)NessusSuSE Local Security Checks
medium
40264openSUSE Security Update : libpng-devel (libpng-devel-528)NessusSuSE Local Security Checks
medium
40170openSUSE Security Update : MozillaFirefox (MozillaFirefox-591)NessusSuSE Local Security Checks
critical
40133openSUSE Security Update : seamonkey (seamonkey-1014)NessusSuSE Local Security Checks
critical
40039openSUSE Security Update : libpng-devel (libpng-devel-558)NessusSuSE Local Security Checks
medium
40038openSUSE Security Update : libpng-devel (libpng-devel-528)NessusSuSE Local Security Checks
medium
39887openSUSE Security Update : MozillaFirefox (MozillaFirefox-591)NessusSuSE Local Security Checks
critical
39462openSUSE 10 Security Update : seamonkey (seamonkey-6310)NessusSuSE Local Security Checks
critical
39339Safari < 4.0 Multiple VulnerabilitiesNessusWindows
high
38744Mac OS X 10.5.x < 10.5.7 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
38036Ubuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-728-1)NessusUbuntu Local Security Checks
critical
37687Fedora 10 : libpng10-1.0.43-1.fc10 (2009-1976)NessusFedora Local Security Checks
medium
37641Fedora 10 : mingw32-libpng-1.2.35-1.fc10 (2009-2131)NessusFedora Local Security Checks
medium
37610Mandriva Linux Security Advisory : firefox (MDVSA-2009:075)NessusMandriva Local Security Checks
critical
37042Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : libpng vulnerabilities (USN-730-1)NessusUbuntu Local Security Checks
high
36827Fedora 10 : thunderbird-2.0.0.21-1.fc10 (2009-2882)NessusFedora Local Security Checks
critical
36671Mandriva Linux Security Advisory : libpng (MDVSA-2009:051)NessusMandriva Local Security Checks
medium
36603Fedora 10 : libpng-1.2.35-1.fc10 (2009-2112)NessusFedora Local Security Checks
medium
36318Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2009:083)NessusMandriva Local Security Checks
critical
36199openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6194)NessusSuSE Local Security Checks
critical
36011Slackware 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : mozilla-thunderbird (SSA:2009-083-03)NessusSlackware Local Security Checks
critical
36010Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : seamonkey (SSA:2009-083-02)NessusSlackware Local Security Checks
critical
4965SeaMonkey < 1.1.15 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
4964Mozilla Thunderbird < 2.0.0.21 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
medium
35988Debian DSA-1750-1 : libpng - several vulnerabilitiesNessusDebian Local Security Checks
high
35984Fedora 9 : thunderbird-2.0.0.21-1.fc9 (2009-2884)NessusFedora Local Security Checks
critical
35978SeaMonkey < 1.1.15 Multiple VulnerabilitiesNessusWindows
high
35977Mozilla Thunderbird < 2.0.0.21 Multiple VulnerabilitiesNessusWindows
high
35929GLSA-200903-28 : libpng: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
35808Fedora 9 : libpng10-1.0.43-1.fc9 (2009-2045)NessusFedora Local Security Checks
medium
35789CentOS 4 / 5 : firefox (CESA-2009:0315)NessusCentOS Local Security Checks
critical
35780CentOS 3 / 4 : seamonkey (CESA-2009:0325)NessusCentOS Local Security Checks
critical
4950Mozilla Firefox < 3.0.7 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
35778Firefox 3.0.x < 3.0.7 Multiple VulnerabilitiesNessusWindows
high
35776RHEL 3 : libpng (RHSA-2009:0340)NessusRed Hat Local Security Checks
medium
35775RHEL 2.1 / 4 / 5 : libpng (RHSA-2009:0333)NessusRed Hat Local Security Checks
high
35774RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2009:0325)NessusRed Hat Local Security Checks
critical
35773RHEL 4 / 5 : firefox (RHSA-2009:0315)NessusRed Hat Local Security Checks
critical
35771FreeBSD : pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability (ea2411a4-08e8-11de-b88a-0022157515b2)NessusFreeBSD Local Security Checks
medium
35768CentOS 3 : libpng (CESA-2009:0340)NessusCentOS Local Security Checks
medium
35748openSUSE 10 Security Update : libpng (libpng-6021)NessusSuSE Local Security Checks
medium
35746Fedora 9 : libpng-1.2.35-1.fc9 (2009-2128)NessusFedora Local Security Checks
medium
35733openSUSE 10 Security Update : libpng (libpng-6001)NessusSuSE Local Security Checks
medium
35727Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2009-051-01)NessusSlackware Local Security Checks
medium
31337Solaris 10 (x86) : 137081-11 (deprecated)NessusSolaris Local Security Checks
high
31333Solaris 10 (sparc) : 137080-11 (deprecated)NessusSolaris Local Security Checks
high
5023Mac OS X 10.5 < 10.5.7 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
801212Mozilla Thunderbird < 2.0.0.21 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
800869SeaMonkey < 1.1.15 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
800792Mac OS X 10.5 < 10.5.7 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high