CVE-2009-0040

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.

References

ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt

http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt

http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html

http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html

http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html

http://lists.apple.com/archives/security-announce/2009/May/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html

http://lists.vmware.com/pipermail/security-announce/2009/000062.html

http://secunia.com/advisories/33970

http://secunia.com/advisories/33976

http://secunia.com/advisories/34137

http://secunia.com/advisories/34140

http://secunia.com/advisories/34143

http://secunia.com/advisories/34145

http://secunia.com/advisories/34152

http://secunia.com/advisories/34210

http://secunia.com/advisories/34265

http://secunia.com/advisories/34272

http://secunia.com/advisories/34320

http://secunia.com/advisories/34324

http://secunia.com/advisories/34388

http://secunia.com/advisories/34462

http://secunia.com/advisories/34464

http://secunia.com/advisories/35074

http://secunia.com/advisories/35258

http://secunia.com/advisories/35302

http://secunia.com/advisories/35379

http://secunia.com/advisories/35386

http://secunia.com/advisories/36096

http://security.gentoo.org/glsa/glsa-200903-28.xml

http://security.gentoo.org/glsa/glsa-201209-25.xml

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420

http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952

http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com

http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441

http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1

http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1

http://support.apple.com/kb/HT3549

http://support.apple.com/kb/HT3613

http://support.apple.com/kb/HT3639

http://support.apple.com/kb/HT3757

http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm

http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm

http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document

http://wiki.rpath.com/Advisories:rPSA-2009-0046

http://www.debian.org/security/2009/dsa-1750

http://www.debian.org/security/2009/dsa-1830

http://www.kb.cert.org/vuls/id/649212

http://www.mandriva.com/security/advisories?name=MDVSA-2009:051

http://www.mandriva.com/security/advisories?name=MDVSA-2009:075

http://www.mandriva.com/security/advisories?name=MDVSA-2009:083

http://www.redhat.com/support/errata/RHSA-2009-0315.html

http://www.redhat.com/support/errata/RHSA-2009-0325.html

http://www.redhat.com/support/errata/RHSA-2009-0333.html

http://www.redhat.com/support/errata/RHSA-2009-0340.html

http://www.securityfocus.com/archive/1/501767/100/0/threaded

http://www.securityfocus.com/archive/1/503912/100/0/threaded

http://www.securityfocus.com/archive/1/505990/100/0/threaded

http://www.securityfocus.com/bid/33827

http://www.securityfocus.com/bid/33990

http://www.us-cert.gov/cas/techalerts/TA09-133A.html

http://www.us-cert.gov/cas/techalerts/TA09-218A.html

http://www.vmware.com/security/advisories/VMSA-2009-0007.html

http://www.vupen.com/english/advisories/2009/0469

http://www.vupen.com/english/advisories/2009/0473

http://www.vupen.com/english/advisories/2009/0632

http://www.vupen.com/english/advisories/2009/1297

http://www.vupen.com/english/advisories/2009/1451

http://www.vupen.com/english/advisories/2009/1462

http://www.vupen.com/english/advisories/2009/1522

http://www.vupen.com/english/advisories/2009/1560

http://www.vupen.com/english/advisories/2009/1621

http://www.vupen.com/english/advisories/2009/2172

https://exchange.xforce.ibmcloud.com/vulnerabilities/48819

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html

https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html

Details

Source: MITRE

Published: 2009-02-22

Updated: 2018-10-11

Type: CWE-94

Risk Information

CVSS v2

Base Score: 6.8

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Impact Score: 6.4

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:libpng:libpng:0.89c:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:0.95:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.0:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.2:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.3:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.5:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:a:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:d:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:e:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:f:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:g:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:h:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:i:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.6:j:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:beta11:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:beta12:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:beta13:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:beta14:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:beta15:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:beta16:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:beta17:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:beta18:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.7:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.8:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.8:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.8:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.8:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.8:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.8:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta10:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta7:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta8:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:beta9:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.9:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.10:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.10:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.10:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.11:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.11:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.11:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.11:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.11:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.12:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.12:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.12:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.13:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.14:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.15:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.15:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.15:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.15:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.16:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.17:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.17:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.18:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.19:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.19:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.19:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.19:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.19:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.20:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.21:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.21:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.21:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.22:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.22:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.23:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.23:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.23:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.23:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.23:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.23:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.24:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.24:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.25:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.25:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.25:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.26:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.27:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.27:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.27:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.27:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.27:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.27:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.27:rc6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.28:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.28:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.28:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.28:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.28:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.28:rc6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.29:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.29:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.29:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.29:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.29:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.30:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.31:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.32:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.33:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.34:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.35:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.37:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.38:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.39:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.40:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.0.41:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:* versions up to 1.0.42 (inclusive)

cpe:2.3:a:libpng:libpng:1.2.0:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.0:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.0:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.0:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.0:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.0:beta5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.0:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.1:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.1:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.1:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.1:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.1:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.1:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.1:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.2:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.2:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.2:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.2:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.2:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.2:beta5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.2:beta6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.2:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.3:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.3:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.3:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.3:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.3:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.3:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.3:rc6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.4:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.4:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.4:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.4:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.4:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.5:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.5:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.5:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.5:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.5:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.5:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.5:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.6:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.7:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.7:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.7:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:beta5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.8:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta10:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta7:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta8:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:beta9:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.9:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:beta5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:beta6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:beta7:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.10:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.11:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.13:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.13:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.13:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.13:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.14:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.14:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.14:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.14:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:beta5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:beta6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.15:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.16:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.16:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.16:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.16:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.17:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.17:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.17:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.17:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.17:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.17:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.17:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.18:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta10:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta11:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta12:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta13:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta14:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta15:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta16:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta17:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta18:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta19:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta20:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta21:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta22:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta23:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta24:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta25:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta26:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta27:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta28:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta29:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta30:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta31:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta32:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta33:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta7:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta8:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:beta9:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.19:rc6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.20:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.20:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.20:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.20:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.20:rc4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.20:rc5:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.20:rc6:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.21:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.21:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.21:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.21:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.21:rc2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.21:rc3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.22:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.22:beta1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.22:beta2:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.22:beta3:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.22:beta4:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.22:rc1:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.23:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.24:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.25:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.25:beta03:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.25:beta04:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.25:beta05:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.25:beta06:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.25:rc01:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.25:rc02:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.26:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.26:beta01:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.26:beta02:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.26:beta03:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.26:beta04:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.26:beta05:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.26:beta06:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.26:rc01:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.27:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.28:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.29:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.30:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.31:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.32:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.33:*:*:*:*:*:*:*

cpe:2.3:a:libpng:libpng:1.2.34:*:*:*:*:*:*:*

Tenable Plugins

View all (81 total)

IDNameProductFamilySeverity
107983Solaris 10 (x86) : 137081-10NessusSolaris Local Security Checks
high
107982Solaris 10 (x86) : 137081-09NessusSolaris Local Security Checks
high
107981Solaris 10 (x86) : 137081-07NessusSolaris Local Security Checks
high
107485Solaris 10 (sparc) : 137080-10NessusSolaris Local Security Checks
high
107484Solaris 10 (sparc) : 137080-09NessusSolaris Local Security Checks
high
107483Solaris 10 (sparc) : 137080-07NessusSolaris Local Security Checks
high
79961GLSA-201412-08 : Multiple packages, Multiple vulnerabilities fixed in 2010NessusGentoo Local Security Checks
critical
78231F5 Networks BIG-IP : libpng vulnerability (SOL9988)NessusF5 Networks Local Security Checks
medium
67820Oracle Linux 3 : libpng (ELSA-2009-0340)NessusOracle Linux Local Security Checks
medium
67815Oracle Linux 4 / 5 : libpng (ELSA-2009-0333)NessusOracle Linux Local Security Checks
high
67811Oracle Linux 3 / 4 : seamonkey (ELSA-2009-0325)NessusOracle Linux Local Security Checks
critical
67810Oracle Linux 4 / 5 : firefox (ELSA-2009-0315)NessusOracle Linux Local Security Checks
critical
62383GLSA-201209-25 : VMware Player, Server, Workstation: Multiple vulnerabilitiesNessusGentoo Local Security Checks
medium
60540Scientific Linux Security Update : seamonkey on SL3.x, SL4.x i386/x86_64NessusScientific Linux Local Security Checks
critical
60539Scientific Linux Security Update : libpng on SL3.x, SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
high
60538Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64NessusScientific Linux Local Security Checks
critical
44695Debian DSA-1830-1 : icedove - several vulnerabilitiesNessusDebian Local Security Checks
critical
43731CentOS 4 : libpng (CESA-2009:0333)NessusCentOS Local Security Checks
high
41548SuSE 10 Security Update : libpng (ZYPP Patch Number 6024)NessusSuSE Local Security Checks
medium
41547SuSE 10 Security Update : libpng (ZYPP Patch Number 6003)NessusSuSE Local Security Checks
medium
41467SuSE 10 Security Update : MozillaFirefox (ZYPP Patch Number 6187)NessusSuSE Local Security Checks
critical
41425SuSE 11 Security Update : libpng (SAT Patch Number 638)NessusSuSE Local Security Checks
medium
41352SuSE 11 Security Update : MozillaFirefox (SAT Patch Number 656)NessusSuSE Local Security Checks
critical
41281SuSE9 Security Update : libpng (YOU Patch Number 12358)NessusSuSE Local Security Checks
medium
41279SuSE9 Security Update : libpng (YOU Patch Number 12353)NessusSuSE Local Security Checks
medium
800789Mac OS X 10.5 < 10.5.8 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high
5122Mac OS X 10.5 < 10.5.8 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
40502Mac OS X 10.5.x < 10.5.8 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
40501Mac OS X Multiple Vulnerabilities (Security Update 2009-003)NessusMacOS X Local Security Checks
critical
40392VMSA-2009-0007 : VMware Hosted products and ESX and ESXi patches resolve security issuesNessusVMware ESX Local Security Checks
high
40309openSUSE Security Update : seamonkey (seamonkey-1014)NessusSuSE Local Security Checks
critical
40265openSUSE Security Update : libpng-devel (libpng-devel-558)NessusSuSE Local Security Checks
medium
40264openSUSE Security Update : libpng-devel (libpng-devel-528)NessusSuSE Local Security Checks
medium
40170openSUSE Security Update : MozillaFirefox (MozillaFirefox-591)NessusSuSE Local Security Checks
critical
40133openSUSE Security Update : seamonkey (seamonkey-1014)NessusSuSE Local Security Checks
critical
40039openSUSE Security Update : libpng-devel (libpng-devel-558)NessusSuSE Local Security Checks
medium
40038openSUSE Security Update : libpng-devel (libpng-devel-528)NessusSuSE Local Security Checks
medium
39887openSUSE Security Update : MozillaFirefox (MozillaFirefox-591)NessusSuSE Local Security Checks
critical
39462openSUSE 10 Security Update : seamonkey (seamonkey-6310)NessusSuSE Local Security Checks
critical
39339Safari < 4.0 Multiple VulnerabilitiesNessusWindows
high
38744Mac OS X 10.5.x < 10.5.7 Multiple VulnerabilitiesNessusMacOS X Local Security Checks
critical
38036Ubuntu 8.04 LTS / 8.10 : firefox-3.0, xulrunner-1.9 vulnerabilities (USN-728-1)NessusUbuntu Local Security Checks
critical
37687Fedora 10 : libpng10-1.0.43-1.fc10 (2009-1976)NessusFedora Local Security Checks
medium
37641Fedora 10 : mingw32-libpng-1.2.35-1.fc10 (2009-2131)NessusFedora Local Security Checks
medium
37610Mandriva Linux Security Advisory : firefox (MDVSA-2009:075)NessusMandriva Local Security Checks
critical
37042Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : libpng vulnerabilities (USN-730-1)NessusUbuntu Local Security Checks
high
36827Fedora 10 : thunderbird-2.0.0.21-1.fc10 (2009-2882)NessusFedora Local Security Checks
critical
36671Mandriva Linux Security Advisory : libpng (MDVSA-2009:051)NessusMandriva Local Security Checks
medium
36603Fedora 10 : libpng-1.2.35-1.fc10 (2009-2112)NessusFedora Local Security Checks
medium
36318Mandriva Linux Security Advisory : mozilla-thunderbird (MDVSA-2009:083)NessusMandriva Local Security Checks
critical
36199openSUSE 10 Security Update : MozillaFirefox (MozillaFirefox-6194)NessusSuSE Local Security Checks
critical
36011Slackware 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / current : mozilla-thunderbird (SSA:2009-083-03)NessusSlackware Local Security Checks
critical
36010Slackware 11.0 / 12.0 / 12.1 / 12.2 / current : seamonkey (SSA:2009-083-02)NessusSlackware Local Security Checks
critical
4965SeaMonkey < 1.1.15 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
4964Mozilla Thunderbird < 2.0.0.21 Multiple VulnerabilitiesNessus Network MonitorSMTP Clients
medium
35988Debian DSA-1750-1 : libpng - several vulnerabilitiesNessusDebian Local Security Checks
high
35984Fedora 9 : thunderbird-2.0.0.21-1.fc9 (2009-2884)NessusFedora Local Security Checks
critical
35978SeaMonkey < 1.1.15 Multiple VulnerabilitiesNessusWindows
high
35977Mozilla Thunderbird < 2.0.0.21 Multiple VulnerabilitiesNessusWindows
high
35929GLSA-200903-28 : libpng: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
35808Fedora 9 : libpng10-1.0.43-1.fc9 (2009-2045)NessusFedora Local Security Checks
medium
35789CentOS 4 / 5 : firefox (CESA-2009:0315)NessusCentOS Local Security Checks
critical
35780CentOS 3 / 4 : seamonkey (CESA-2009:0325)NessusCentOS Local Security Checks
critical
4950Mozilla Firefox < 3.0.7 Multiple VulnerabilitiesNessus Network MonitorWeb Clients
medium
35778Firefox 3.0.x < 3.0.7 Multiple VulnerabilitiesNessusWindows
high
35776RHEL 3 : libpng (RHSA-2009:0340)NessusRed Hat Local Security Checks
medium
35775RHEL 2.1 / 4 / 5 : libpng (RHSA-2009:0333)NessusRed Hat Local Security Checks
high
35774RHEL 2.1 / 3 / 4 : seamonkey (RHSA-2009:0325)NessusRed Hat Local Security Checks
critical
35773RHEL 4 / 5 : firefox (RHSA-2009:0315)NessusRed Hat Local Security Checks
critical
35771FreeBSD : pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability (ea2411a4-08e8-11de-b88a-0022157515b2)NessusFreeBSD Local Security Checks
medium
35768CentOS 3 : libpng (CESA-2009:0340)NessusCentOS Local Security Checks
medium
35748openSUSE 10 Security Update : libpng (libpng-6021)NessusSuSE Local Security Checks
medium
35746Fedora 9 : libpng-1.2.35-1.fc9 (2009-2128)NessusFedora Local Security Checks
medium
35733openSUSE 10 Security Update : libpng (libpng-6001)NessusSuSE Local Security Checks
medium
35727Slackware 10.0 / 10.1 / 10.2 / 11.0 / 12.0 / 12.1 / 12.2 / 8.1 / 9.0 / 9.1 / current : libpng (SSA:2009-051-01)NessusSlackware Local Security Checks
medium
31337Solaris 10 (x86) : 137081-11 (deprecated)NessusSolaris Local Security Checks
high
31333Solaris 10 (sparc) : 137080-11 (deprecated)NessusSolaris Local Security Checks
high
5023Mac OS X 10.5 < 10.5.7 Multiple VulnerabilitiesNessus Network MonitorGeneric
critical
801212Mozilla Thunderbird < 2.0.0.21 Multiple VulnerabilitiesLog Correlation EngineSMTP Clients
high
800869SeaMonkey < 1.1.15 Multiple VulnerabilitiesLog Correlation EngineWeb Clients
high
800792Mac OS X 10.5 < 10.5.7 Multiple VulnerabilitiesLog Correlation EngineOperating System Detection
high