CVE-2009-5063

Publication date 31 August 2011

Last updated 24 July 2024


Ubuntu priority

Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.

Status

Package Ubuntu Release Status
libpng 11.10 oneiric
Not affected
11.04 natty
Not affected
10.10 maverick
Not affected
10.04 LTS lucid
Not affected
8.04 LTS hardy
Fixed 1.2.15~beta5-3ubuntu0.5

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package Patch details
libpng

References

Related Ubuntu Security Notices (USN)

    • USN-1367-1
    • libpng vulnerabilities
    • 16 February 2012

Other references