CVE 2009-0040
The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Related bugs and status
CVE-2009-0040 (Candidate) is related to these bugs:
Bug #152516: kompozer tip dialog does not close, if main dialog is destroyed
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 152516 | kompozer tip dialog does not close, if main dialog is destroyed | kompozer (Ubuntu) | Undecided | Fix Released | ||
| 152516 | kompozer tip dialog does not close, if main dialog is destroyed | KompoZer | Unknown | Unknown | ||
Bug #217128: CVE-2008-1382: libpng zero-length chunks incorrect handling
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu) | Undecided | Fix Released | ||
| 217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Dapper) | Undecided | Fix Released | ||
| 217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Feisty) | Undecided | Won't Fix | ||
| 217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Gutsy) | Undecided | Fix Released | ||
| 217128 | CVE-2008-1382: libpng zero-length chunks incorrect handling | libpng (Ubuntu Hardy) | Undecided | Fix Released | ||
Bug #244227: KompoZer cannot display the right Chinese fonts
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 244227 | KompoZer cannot display the right Chinese fonts | kompozer (Ubuntu) | Undecided | Fix Released | ||
Bug #260021: kompozer-bin crashed with SIGSEGV in nsTimerImpl::Fire()
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 260021 | kompozer-bin crashed with SIGSEGV in nsTimerImpl::Fire() | kompozer (Ubuntu) | Medium | Fix Released | ||
Bug #263441: kompozer crashes in intrepid when opening the recent files menu
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 263441 | kompozer crashes in intrepid when opening the recent files menu | kompozer (Ubuntu) | Undecided | Fix Released | ||
| 263441 | kompozer crashes in intrepid when opening the recent files menu | Baltix | Undecided | New | ||
Bug #276290: kompozer-bin crashed with SIGSEGV in g_closure_invoke()
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 276290 | kompozer-bin crashed with SIGSEGV in g_closure_invoke() | kompozer (Ubuntu) | Medium | Fix Released | ||
Bug #309655: Seamonkey 1.1.14 security upgrade
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 309655 | Seamonkey 1.1.14 security upgrade | seamonkey (Ubuntu) | Critical | Fix Released | ||
| 309655 | Seamonkey 1.1.14 security upgrade | seamonkey (Ubuntu Hardy) | Critical | Fix Released | ||
| 309655 | Seamonkey 1.1.14 security upgrade | seamonkey (Ubuntu Intrepid) | Critical | Fix Released | ||
Bug #324258: [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu) | Low | Fix Released | ||
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Dapper) | Low | Fix Released | ||
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Gutsy) | Low | Fix Released | ||
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Jaunty) | Low | Fix Released | ||
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Intrepid) | Low | Fix Released | ||
| 324258 | [CVE-2008-5907] libpng: png_check_keyword() in pngwutil.c might allow overwriting arbitrary memory location | libpng (Ubuntu Hardy) | Low | Fix Released | ||
Bug #338027: libpng code injection CVE-2009-0040
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu) | Medium | Fix Released | ||
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Dapper) | Medium | Fix Released | ||
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Gutsy) | Medium | Fix Released | ||
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Hardy) | Medium | Fix Released | ||
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Intrepid) | Medium | Fix Released | ||
| 338027 | libpng code injection CVE-2009-0040 | libpng (Ubuntu Jaunty) | Medium | Fix Released | ||
Bug #365163: kompozer keeps crashing
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 365163 | kompozer keeps crashing | kompozer (Ubuntu) | Undecided | Fix Released | ||
Bug #469752: firefox,3.5/3.6 startup-notification bug
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Ubuntu) | Medium | Invalid | ||
| 469752 | firefox,3.5/3.6 startup-notification bug | Mozilla Firefox | Medium | Fix Released | ||
| 469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Suse) | Medium | Fix Released | ||
| 469752 | firefox,3.5/3.6 startup-notification bug | firefox (Ubuntu) | Medium | Fix Released | ||
| 469752 | firefox,3.5/3.6 startup-notification bug | firefox (Ubuntu Lucid) | Medium | Fix Released | ||
| 469752 | firefox,3.5/3.6 startup-notification bug | firefox-3.5 (Ubuntu Lucid) | Medium | Invalid | ||
See the 
CVE page on Mitre.org
for more details.
