CVE-2009-2042
Published: 12 June 2009
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file.
Priority
Status
Package | Release | Status |
---|---|---|
libpng Launchpad, Ubuntu, Debian |
dapper |
Released
(1.2.8rel-5ubuntu0.5)
|
hardy |
Released
(1.2.15~beta5-3ubuntu0.2)
|
|
intrepid |
Released
(1.2.27-1ubuntu0.2)
|
|
jaunty |
Released
(1.2.27-2ubuntu2.1)
|
|
karmic |
Not vulnerable
|
|
upstream |
Released
(1.2.37)
|
|
Patches: vendor: https://bugzilla.redhat.com/attachment.cgi?id=347014&action=diff (same as upstream) vendor: https://bugzilla.redhat.com/attachment.cgi?id=347015&action=diff (same as upstream) |
||
mozilla-thunderbird Launchpad, Ubuntu, Debian |
dapper |
Ignored
(end of life)
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
seamonkey Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
upstream |
Needs triage
|
|
thunderbird Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
upstream |
Needs triage
|
|
xulrunner Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Ignored
(end of life)
|
|
intrepid |
Ignored
(end of life)
|
|
jaunty |
Ignored
(end of life)
|
|
karmic |
Ignored
(end of life)
|
|
upstream |
Needs triage
|
|
xulrunner-1.9 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Released
(1.9.0.7+nobinonly-0ubuntu0.8.04.1)
|
|
intrepid |
Released
(1.9.0.7+nobinonly-0ubuntu0.8.10.1)
|
|
jaunty |
Released
(1.9.0.7+nobinonly-0ubuntu1)
|
|
karmic |
Does not exist
|
|
upstream |
Needs triage
|
|
xulrunner-1.9.1 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Released
(1.9.1.3+build1+nobinonly-0ubuntu0.9.04.2)
|
|
karmic |
Not vulnerable
|
|
upstream |
Needs triage
|