{"vuid":"VU#649212","idnumber":"649212","name":"libpng fails to properly initialize element pointers","keywords":["libpng","element pointers"],"overview":"Libpng contains a vulnerability in the way element pointers are handled.","clean_desc":"A vulnerability in the way libpng handles element pointers may result in uninitialized element pointers. This vulnerability is due to an off-by-one error introduced in multiple functions in libpng-0.89c. According to the PNG Development Group: If the application runs out of memory during the loop, some of the element pointers will be uninitialized. Libpng will then longjmp to a cleanup process that attempts to free all of the elements in the array, including the uninitialized ones. This behavior could be forced by a malevolent input. Note that this issue affects all versions of libpng prior to libpng-1.0.43 and libpng-1.2.35.","impact":"This vulnerability could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service.","resolution":"Upgrade\n The PNG Development Group has issued an upgrade to address this issue. See libpng version 1.2.35 for more information.","workarounds":"","sysaffected":"","thanks":"This issue was reported by the \nPNG Development Group\n in \nlibpng version 1.2.35","author":"This document was written by Chris Taschner.","public":["h","t","t","p",":","/","/","s","e","c","u","n","i","a",".","c","o","m","/","a","d","v","i","s","o","r","i","e","s","/","3","3","9","7","0","/","3","/"],"cveids":["CVE-2009-0040"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2009-02-19T15:05:27Z","publicdate":"2009-02-19T00:00:00Z","datefirstpublished":"2009-03-02T20:16:42Z","dateupdated":"2009-03-06T15:39:09Z","revision":12,"vrda_d1_directreport":"0","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"4","cam_population":"10","cam_impact":"7","cam_easeofexploitation":"7","cam_attackeraccessrequired":"20","cam_scorecurrent":"3.49125","cam_scorecurrentwidelyknown":"4.41","cam_scorecurrentwidelyknownexploited":"8.085","ipprotocol":"","cvss_accessvector":"--","cvss_accesscomplexity":"--","cvss_authentication":null,"cvss_confidentialityimpact":"--","cvss_integrityimpact":"--","cvss_availabilityimpact":"--","cvss_exploitablity":null,"cvss_remediationlevel":"Not Defined (ND)","cvss_reportconfidence":"Not Defined (ND)","cvss_collateraldamagepotential":"Not Defined (ND)","cvss_targetdistribution":"Not Defined (ND)","cvss_securityrequirementscr":"Not Defined (ND)","cvss_securityrequirementsir":"Not Defined (ND)","cvss_securityrequirementsar":"Not Defined (ND)","cvss_basescore":"0","cvss_basevector":"AV:--/AC:--/Au:--/C:--/I:--/A:--","cvss_temporalscore":"0","cvss_environmentalscore":"0","cvss_environmentalvector":"CDP:Not Defined (ND)/TD:Not Defined (ND)/CR:Not Defined (ND)/IR:Not Defined (ND)/AR:Not Defined (ND)","metric":3.49125,"vulnote":null}