CVE-2009-5063
PUBLISHED
CVSS 5 MEDIUM
Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.
EPSS 0.47% · 64.9th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
0.47%
64.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| libpng | libpng | 0, 1.2.39, 1.2.39 |
Exploit Intelligence
- 49660 (circl)
- [oss-security] 20110322 CVE Request: libpng memory leak (circl)
- GLSA-201206-15 (circl)
- [oss-security] 20110328 Re: CVE Request: libpng memory leak (circl)
- http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18 (circl)
Timeline
- Aug 31, 2011 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- 49660 third-party-advisory
- [oss-security] 20110322 CVE Request: libpng memory leak mailing-list
- GLSA-201206-15 vendor-advisory
- [oss-security] 20110328 Re: CVE Request: libpng memory leak mailing-list
- http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng%3Ba=commitdiff%3Bh=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18 url
- https://nvd.nist.gov/vuln/detail/CVE-2009-5063 advisory
- http://libpng.git.sourceforge.net/git/gitweb.cgi?p=libpng/libpng;a=commitdiff;h=948ee23a2a400672b1751cfc646a7467741e9b2e#patch18 url