Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2009-2042 | First vendor Publication | 2009-06-12 |
Vendor | Cve | Last vendor Modification | 2024-11-21 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:N/A:N) | |||
---|---|---|---|
Cvss Base Score | 4.3 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of sensitive memory via "out-of-bounds pixels" in the file. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-200 | Information Exposure |
CPE : Common Platform Enumeration
ExploitDB Exploits
id | Description |
---|---|
2009-10-07 | VMware Player and Workstation <= 6.5.3 'vmware-authd' Remote Denial of Ser... |
2010-04-12 | VMware Remote Console e.x.p build-158248 - format string vulnerability |
OpenVAS Exploits
Date | Description |
---|---|
2012-04-16 | Name : VMSA-2010-0007: VMware hosted products, vCenter Server and ESX patches resolv... File : nvt/gb_VMSA-2010-0007.nasl |
2011-08-09 | Name : CentOS Update for libpng CESA-2010:0534 centos5 i386 File : nvt/gb_CESA-2010_0534_libpng_centos5_i386.nasl |
2010-08-20 | Name : CentOS Update for libpng10 CESA-2010:0534 centos3 i386 File : nvt/gb_CESA-2010_0534_libpng10_centos3_i386.nasl |
2010-07-16 | Name : RedHat Update for libpng RHSA-2010:0534-01 File : nvt/gb_RHSA-2010_0534-01_libpng.nasl |
2010-05-12 | Name : Mac OS X 10.6.3 Update / Mac OS X Security Update 2010-002 File : nvt/macosx_upd_10_6_3_secupd_2010-002.nasl |
2010-04-29 | Name : VMware Authorization Service Denial of Service Vulnerability (Win) -Apr10 File : nvt/secpod_vmware_prdts_dos_vuln_win_apr10.nasl |
2010-04-21 | Name : Debian Security Advisory DSA 2032-1 (libpng) File : nvt/deb_2032_1.nasl |
2010-04-16 | Name : VMware Products Tools Remote Code Execution Vulnerabilies (win) File : nvt/gb_vmware_prdts_tools_code_exec_vuln_lin.nasl |
2010-04-16 | Name : VMware Products Tools Remote Code Execution Vulnerabilies (win) File : nvt/gb_vmware_prdts_tools_code_exec_vuln_win.nasl |
2010-04-16 | Name : VMware Products 'vmware-vmx' Information Disclosure Vulnerability (Linux) File : nvt/gb_vmware_prdts_vmx_info_disc_vuln_lin.nasl |
2010-04-16 | Name : VMware Products 'vmware-vmx' Information Disclosure Vulnerability (Win) File : nvt/gb_vmware_prdts_vmx_info_disc_vuln_win.nasl |
2010-03-31 | Name : Fedora Update for libpng FEDORA-2010-4616 File : nvt/gb_fedora_2010_4616_libpng_fc11.nasl |
2010-03-31 | Name : Mandriva Update for libpng MDVSA-2010:063 (libpng) File : nvt/gb_mandriva_MDVSA_2010_063.nasl |
2010-03-22 | Name : Ubuntu Update for libpng vulnerabilities USN-913-1 File : nvt/gb_ubuntu_USN_913_1.nasl |
2010-02-19 | Name : Mandriva Update for totem MDVA-2010:063 (totem) File : nvt/gb_mandriva_MDVA_2010_063.nasl |
2009-10-13 | Name : SLES10: Security update for libpng File : nvt/sles10_libpng1.nasl |
2009-10-11 | Name : SLES11: Security update for libpng File : nvt/sles11_libpng12-00.nasl |
2009-10-10 | Name : SLES9: Security update for libpng File : nvt/sles9p5053577.nasl |
2009-07-29 | Name : SuSE Security Advisory SUSE-SA:2009:037 (dhcp-client) File : nvt/suse_sa_2009_037.nasl |
2009-06-30 | Name : Gentoo Security Advisory GLSA 200906-01 (libpng) File : nvt/glsa_200906_01.nasl |
2009-06-23 | Name : Fedora Core 9 FEDORA-2009-6603 (libpng) File : nvt/fcore_2009_6603.nasl |
2009-06-23 | Name : Fedora Core 10 FEDORA-2009-6531 (libpng) File : nvt/fcore_2009_6531.nasl |
2009-06-23 | Name : Fedora Core 11 FEDORA-2009-6506 (libpng) File : nvt/fcore_2009_6506.nasl |
2009-06-23 | Name : Fedora Core 10 FEDORA-2009-6400 (mingw32-libpng) File : nvt/fcore_2009_6400.nasl |
2009-06-23 | Name : Fedora Core 11 FEDORA-2009-5977 (mingw32-libpng) File : nvt/fcore_2009_5977.nasl |
0000-00-00 | Name : Slackware Advisory SSA:2009-170-01 libpng File : nvt/esoft_slk_ssa_2009_170_01.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
54915 | libpng 1-bit Interlaced Image Handling Memory Disclosure libpng contains a flaw that may lead to an unauthorized information disclosure. Â The issue is triggered when libpng processes 1-bit interlaced images whose width is not divisible by 8, which will disclose uninitialized memory resulting in a loss of confidentiality. |
Information Assurance Vulnerability Management (IAVM)
Date | Description |
---|---|
2010-04-15 | IAVM : 2010-A-0066 - Multiple Vulnerabilities in VMware Products Severity : Category I - VMSKEY : V0023997 |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2016-03-08 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0007_remote.nasl - Type : ACT_GATHER_INFO |
2014-12-15 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-08.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2010-0534.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20100714_libpng_on_SL3_x.nasl - Type : ACT_GATHER_INFO |
2011-09-21 | Name : The remote VMware ESX host is missing a security-related patch. File : vmware_VMSA-2010-0007.nasl - Type : ACT_GATHER_INFO |
2010-07-28 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2010-0534.nasl - Type : ACT_GATHER_INFO |
2010-07-16 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2010-0534.nasl - Type : ACT_GATHER_INFO |
2010-04-15 | Name : The remote host has a virtualization application affected by multiple vulnera... File : vmware_multiple_vmsa_2010_0007.nasl - Type : ACT_GATHER_INFO |
2010-04-12 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2032.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_10_6_3.nasl - Type : ACT_GATHER_INFO |
2010-03-29 | Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2010-002.nasl - Type : ACT_GATHER_INFO |
2010-03-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-063.nasl - Type : ACT_GATHER_INFO |
2010-03-17 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-913-1.nasl - Type : ACT_GATHER_INFO |
2009-10-06 | Name : The remote openSUSE host is missing a security update. File : suse_libpng-6324.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 10 host is missing a security-related patch. File : suse_libpng-6326.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_12444.nasl - Type : ACT_GATHER_INFO |
2009-09-24 | Name : The remote SuSE 11 host is missing one or more security updates. File : suse_11_libpng-devel-090624.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_0_libpng-devel-090624.nasl - Type : ACT_GATHER_INFO |
2009-07-21 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libpng-devel-090624.nasl - Type : ACT_GATHER_INFO |
2009-06-28 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200906-01.nasl - Type : ACT_GATHER_INFO |
2009-06-21 | Name : The remote Slackware host is missing a security update. File : Slackware_SSA_2009-170-01.nasl - Type : ACT_GATHER_INFO |
2009-06-19 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6531.nasl - Type : ACT_GATHER_INFO |
2009-06-19 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6506.nasl - Type : ACT_GATHER_INFO |
2009-06-19 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6603.nasl - Type : ACT_GATHER_INFO |
2009-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-6400.nasl - Type : ACT_GATHER_INFO |
2009-06-16 | Name : The remote Fedora host is missing a security update. File : fedora_2009-5977.nasl - Type : ACT_GATHER_INFO |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2024-11-28 23:11:05 |
|
2024-11-28 12:19:11 |
|
2021-05-05 01:06:00 |
|
2021-05-04 12:09:41 |
|
2021-04-22 01:10:02 |
|
2020-05-23 01:40:31 |
|
2020-05-23 00:23:54 |
|
2019-07-27 12:02:39 |
|
2019-07-18 12:02:43 |
|
2017-08-17 09:22:37 |
|
2017-03-24 12:00:57 |
|
2016-04-26 18:53:47 |
|
2014-12-16 13:24:30 |
|
2014-02-17 10:50:29 |
|
2013-11-11 12:38:20 |
|
2013-05-10 23:52:19 |
|