CVE-2009-2042

Advisory lineage Upstream: 0 Downstream: 2
Modified
Published: 12 Jun 2009, 20:07
Last modified:07 Aug 2024, 05:36

Vulnerability Summary

Overall Risk (default)
low
18/100
CVSS Score
4.3 MEDIUM
v2.0 (nvd)
EPSS Score
3.11% LOW
3% probability -0.04%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

12 Jun 2009, 20:07
Published
Vulnerability first disclosed
07 Aug 2024, 05:36
Last Modified
Vulnerability information updated

Description

libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.

CVSS Metrics

  • v2.0MEDIUMScore: 4.3AV:N/AC:M/Au:N/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 3.11% Percentile: 87%

Techniques & Countermeasures

  • CWE-200Exposure of Sensitive Information to an Unauthorized Actor

    The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Affected Systems

  • libpnglibpng

    ≤ 1.2.35 | 0.89c | 0.95 | 1.00 | 1.0.1 | 1.0.2 | 1.0.7:beta17 | 1.0.7:beta18 | 1.0.7:rc1 | 1.0.7:rc2 | 1.0.8 | 1.0.8:beta1 | 1.0.8:beta2 | 1.0.8:beta3 | 1.0.8:beta4 | 1.0.8:rc1 | 1.0.9 | 1.0.9:beta1 | 1.0.9:beta10 | 1.0.9:beta2 | 1.0.9:beta3 | 1.0.9:beta4 | 1.0.9:beta5 | 1.0.9:beta6 | 1.0.9:beta7 | 1.0.9:beta8 | 1.0.9:beta9 | 1.0.9:rc1 | 1.0.9:rc2 | 1.0.10 | 1.0.10:beta1 | 1.0.10:rc1 | 1.0.11 | 1.0.11:beta1 | 1.0.11:beta2 | 1.0.11:beta3 | 1.0.11:rc1 | 1.0.12 | 1.0.12:beta1 | 1.0.12:rc1 | 1.0.13 | 1.0.14 | 1.0.15 | 1.0.15:rc1 | 1.0.15:rc2 | 1.0.15:rc3 | 1.0.16 | 1.0.17 | 1.0.17:rc1 | 1.0.18 | 1.0.19 | 1.0.19:rc1 | 1.0.19:rc2 | 1.0.19:rc3 | 1.0.19:rc5 | 1.0.20 | 1.0.21 | 1.0.21:rc1 | 1.0.21:rc2 | 1.0.22 | 1.0.22:rc1 | 1.0.23 | 1.0.23:rc1 | 1.2.0 | 1.2.0:beta1 | 1.2.0:beta2 | 1.2.0:beta3 | 1.2.0:beta4 | 1.2.0:beta5 | 1.2.0:rc1 | 1.2.1 | 1.2.1:beta1 | 1.2.1:beta2 | 1.2.1:beta3 | 1.2.1:beta4 | 1.2.1:rc1 | 1.2.1:rc2 | 1.2.2 | 1.2.2:beta1 | 1.2.2:beta2 | 1.2.2:beta3 | 1.2.2:beta4 | 1.2.2:beta5 | 1.2.2:beta6 | 1.2.2:rc1 | 1.2.3 | 1.2.3:rc3 | 1.2.3:rc6 | 1.2.10 | 1.2.10:beta1 | 1.2.10:beta2 | 1.2.10:beta3 | 1.2.10:beta4 | 1.2.10:beta5 | 1.2.10:beta6 | 1.2.10:beta7 | 1.2.10:rc1 | 1.2.10:rc2 | 1.2.10:rc3 | 1.2.11 | 1.2.11:beta1 | 1.2.11:beta2 | 1.2.11:beta3 | 1.2.11:beta4 | 1.2.11:rc1 | 1.2.11:rc2 | 1.2.11:rc3 | 1.2.11:rc5 | 1.2.13 | 1.2.13:beta1 | 1.2.13:rc1 | 1.2.13:rc2 | 1.2.14 | 1.2.14:beta1 | 1.2.14:beta2 | 1.2.14:rc1 | 1.2.15 | 1.2.15:beta1 | 1.2.15:beta2 | 1.2.15:beta3 | 1.2.15:beta4 | 1.2.15:beta5 | 1.2.15:beta6 | 1.2.15:rc1 | 1.2.15:rc2 | 1.2.15:rc3 | 1.2.15:rc4 | 1.2.15:rc5 | 1.2.16 | 1.2.16:beta1 | 1.2.16:beta2 | 1.2.16:rc1 | 1.2.17 | 1.2.17:beta1 | 1.2.17:beta2 | 1.2.17:rc1 | 1.2.17:rc2 | 1.2.17:rc3 | 1.2.17:rc4 | 1.2.18 | 1.2.19 | 1.2.19:beta1 | 1.2.19:beta10 | 1.2.19:beta11 | 1.2.19:beta12 | 1.2.19:beta13 | 1.2.19:beta14 | 1.2.19:beta15 | 1.2.19:beta16 | 1.2.19:beta17 | 1.2.19:beta18 | 1.2.19:beta19 | 1.2.19:beta2 | 1.2.19:beta20 | 1.2.19:beta21 | 1.2.19:beta22 | 1.2.19:beta23 | 1.2.19:beta24 | 1.2.19:beta25 | 1.2.19:beta26 | 1.2.19:beta27 | 1.2.19:beta28 | 1.2.19:beta29 | 1.2.19:beta3 | 1.2.19:beta30 | 1.2.19:beta31 | 1.2.19:beta32 | 1.2.19:beta33 | 1.2.19:beta4 | 1.2.19:beta5 | 1.2.19:beta6 | 1.2.19:beta7 | 1.2.19:beta8 | 1.2.19:beta9 | 1.2.19:rc1 | 1.2.19:rc2 | 1.2.19:rc3 | 1.2.19:rc4 | 1.2.19:rc5 | 1.2.19:rc6 | 1.2.20 | 1.2.20:beta01 | 1.2.20:beta02 | 1.2.20:beta03 | 1.2.20:beta04 | 1.2.20:rc1 | 1.2.20:rc2 | 1.2.20:rc3 | 1.2.20:rc4 | 1.2.20:rc5 | 1.2.20:rc6 | 1.2.21 | 1.2.21:beta1 | 1.2.21:beta2 | 1.2.21:rc1 | 1.2.21:rc2 | 1.2.21:rc3 | 1.2.22 | 1.2.22:beta1 | 1.2.22:beta2 | 1.2.22:beta2-1.2.21 | 1.2.22:beta3 | 1.2.22:beta3-1.2.21 | 1.2.22:beta4 | 1.2.22:beta4-1.2.21 | 1.2.22:rc1 | 1.2.22:rc1-1.2.21 | 1.2.23 | 1.2.23:beta01 | 1.2.23:beta01-1.2.22 | 1.2.23:beta02 | 1.2.23:beta02-1.2.22 | 1.2.23:beta03 | 1.2.23:beta03-1.2.22 | 1.2.23:beta04 | 1.2.23:beta04-1.2.22 | 1.2.23:beta05 | 1.2.23:beta05-1.2.22 | 1.2.23:rc01 | 1.2.23:rc01-1.2.22 | 1.2.24 | 1.2.24:beta01 | 1.2.24:beta01-1.2.23 | 1.2.24:beta02 | 1.2.24:beta02-1.2.23 | 1.2.24:beta03 | 1.2.24:beta03-1.2.23 | 1.2.24:rc01 | 1.2.24:rc01-1.2.23 | 1.2.25 | 1.2.25:beta01 | 1.2.25:beta02 | 1.2.25:beta03 | 1.2.25:beta04 | 1.2.25:beta05 | 1.2.25:beta06 | 1.2.25:rc01 | 1.2.25:rc02 | 1.2.26 | 1.2.26:beta01 | 1.2.26:beta02 | 1.2.26:beta03 | 1.2.26:beta04 | 1.2.26:beta05 | 1.2.26:rc01 | 1.2.30 | 1.2.31 | 1.2.33 | 1.2.34

References (27)