=====================================================================
                                   CERT-Renater

                        Information Note No. 2009/VULN077
_____________________________________________________________________

DATE                      : 05/03/2009

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running libpng versions prior to
                               1.0.43 and 1.2.35.

======================================================================
http://www.kb.cert.org/vuls/id/649212
______________________________________________________________________

US-CERT - Vulnerability Note VU#649212

libpng fails to properly initialize element pointers

Overview

   Libpng contains a vulnerability in the way element pointers are
   handled.

I. Description

   A vulnerability in the way libpng handles element pointers may result
   in uninitialized element pointers. This vulnerability is due to an
   off-by-one error introduced in multiple functions in libpng-0.89c.
   According to the PNG Development Group:

   If the application runs out of memory during the loop, some of the
   element pointers will be uninitialized. Libpng will then longjmp to a
   cleanup process that attempts to free all of the elements in the
   array, including the uninitialized ones. This behavior could be forced
   by a malevolent input.
   Note that this issue affects all versions of libpng prior to
   libpng-1.0.43 and libpng-1.2.35.
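
   The failure mode described above, shown together with the defensive
   pattern of nulling every slot before the loop that can fail. This is
   an added example, not libpng source code; load_rows, free_rows and
   limited_alloc are hypothetical names, and the failing allocator is
   constructed to simulate memory exhaustion.

```c
#include <stdio.h>
#include <stdlib.h>

/* Constructed allocator: succeeds `alloc_budget` times, then reports
 * out-of-memory, standing in for exhaustion while parsing an image. */
static int alloc_budget;
static void *limited_alloc(size_t n) {
    if (alloc_budget <= 0) return NULL;
    alloc_budget--;
    return malloc(n);
}

/* Cleanup that walks the whole array, as in the description above.
 * Returns how many row buffers it released. */
static int free_rows(unsigned char **rows, size_t count) {
    int released = 0;
    for (size_t i = 0; i < count; i++) {
        if (rows[i] != NULL) { free(rows[i]); released++; }
    }
    free(rows);
    return released;
}

/* Returns the number of rows released by the cleanup path after a
 * failed allocation, or -1 if every row was allocated successfully. */
int load_rows(size_t count, size_t row_bytes, int budget) {
    alloc_budget = budget;
    /* Unsafe pattern: malloc() alone leaves rows[i] indeterminate, so a
     * failure at row k lets the cleanup free garbage in rows[k..]. */
    unsigned char **rows = malloc(count * sizeof *rows);
    if (rows == NULL) return 0;
    /* Hardened: null every slot before the loop that can fail. */
    for (size_t i = 0; i < count; i++) rows[i] = NULL;
    for (size_t i = 0; i < count; i++) {
        rows[i] = limited_alloc(row_bytes);
        if (rows[i] == NULL)
            return free_rows(rows, count);  /* only real pointers freed */
    }
    free_rows(rows, count);
    return -1;
}

int main(void) {
    printf("failure at row 3: %d rows released\n", load_rows(8, 16, 3));
    printf("no failure: %d\n", load_rows(8, 16, 8));
    return 0;
}
```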

II. Impact

   This vulnerability could allow an unauthenticated, remote attacker to
   execute arbitrary code or cause a denial of service.

III. Solution

   Upgrade

   The PNG Development Group has issued an upgrade to address this
   issue. See libpng version 1.2.35 for more information.

Systems Affected

   Vendor     Status     Date Notified Date Updated
   libpng     Vulnerable               2009-03-02

References

   http://secunia.com/advisories/33970/3/

Credit

   This issue was reported by the PNG Development Group in libpng
   version 1.2.35.

   This document was written by Chris Taschner.

Other Information

   Date Public:              2009-02-19
   Date First Published:     2009-03-02
   Date Last Updated:        2009-03-02
   CERT Advisory:
   CVE-ID(s):                CVE-2009-0040
   NVD-ID(s):                CVE-2009-0040
   US-CERT Technical Alerts:
   Metric:                   3.49
   Document Revision:        10


======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================
