Debian Bug report logs - #533676
libpng: CVE-2009-2042 "out-of-bounds pixels" vulnerability

version graph

Package: libpng; Maintainer for libpng is Anibal Monsalve Salazar <anibal@debian.org>;

Reported by: Michael S Gilbert <michael.s.gilbert@gmail.com>

Date: Fri, 19 Jun 2009 18:09:04 UTC

Severity: serious

Tags: security

Found in version 1.2.15~beta5-1+etch2

Fixed in version libpng/1.2.27-2+lenny3

Done: Giuseppe Iuculano <iuculano@debian.org>

Bug is archived. No further changes may be made.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Anibal Monsalve Salazar <anibal@debian.org>:
Bug#533676; Package libpng. (Fri, 19 Jun 2009 18:09:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael S Gilbert <michael.s.gilbert@gmail.com>:
New Bug report received and forwarded. Copy sent to Anibal Monsalve Salazar <anibal@debian.org>. (Fri, 19 Jun 2009 18:09:07 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: Michael S Gilbert <michael.s.gilbert@gmail.com>
To: submit@bugs.debian.org
Subject: libpng: CVE-2009-2042 "out-of-bounds pixels" vulnerability
Date: Fri, 19 Jun 2009 14:07:04 -0400
Package: libpng
Version: 1.2.15~beta5-1+etch2
Severity: serious
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for libpng.

CVE-2009-2042[0]:
| libpng before 1.2.37 does not properly parse 1-bit interlaced images
| with width values that are not divisible by 8, which causes libpng to
| include uninitialized bits in certain rows of a PNG file and might
| allow remote attackers to read portions of sensitive memory via
| "out-of-bounds pixels" in the file.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

This is already fixed in the version of unstable.  Please coordinate
with the security team to prepare updates for the stable releases.
Thank you.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2042
    http://security-tracker.debian.net/tracker/CVE-2009-2042




Reply sent to Giuseppe Iuculano <iuculano@debian.org>:
You have taken responsibility. (Sat, 17 Apr 2010 14:00:05 GMT) Full text and rfc822 format available.

Notification sent to Michael S Gilbert <michael.s.gilbert@gmail.com>:
Bug acknowledged by developer. (Sat, 17 Apr 2010 14:00:05 GMT) Full text and rfc822 format available.

Message #10 received at 533676-close@bugs.debian.org (full text, mbox):

From: Giuseppe Iuculano <iuculano@debian.org>
To: 533676-close@bugs.debian.org
Subject: Bug#533676: fixed in libpng 1.2.27-2+lenny3
Date: Sat, 17 Apr 2010 13:57:22 +0000
Source: libpng
Source-Version: 1.2.27-2+lenny3

We believe that the bug you reported is fixed in the latest version of
libpng, which is due to be installed in the Debian FTP archive:

libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb
  to main/libp/libpng/libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb
libpng12-0_1.2.27-2+lenny3_i386.deb
  to main/libp/libpng/libpng12-0_1.2.27-2+lenny3_i386.deb
libpng12-dev_1.2.27-2+lenny3_i386.deb
  to main/libp/libpng/libpng12-dev_1.2.27-2+lenny3_i386.deb
libpng3_1.2.27-2+lenny3_all.deb
  to main/libp/libpng/libpng3_1.2.27-2+lenny3_all.deb
libpng_1.2.27-2+lenny3.diff.gz
  to main/libp/libpng/libpng_1.2.27-2+lenny3.diff.gz
libpng_1.2.27-2+lenny3.dsc
  to main/libp/libpng/libpng_1.2.27-2+lenny3.dsc



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 533676@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Giuseppe Iuculano <iuculano@debian.org> (supplier of updated libpng package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Sun, 11 Apr 2010 11:40:33 +0200
Source: libpng
Binary: libpng12-0 libpng12-dev libpng3 libpng12-0-udeb
Architecture: source i386 all
Version: 1.2.27-2+lenny3
Distribution: stable-security
Urgency: high
Maintainer: Anibal Monsalve Salazar <anibal@debian.org>
Changed-By: Giuseppe Iuculano <iuculano@debian.org>
Description: 
 libpng12-0 - PNG library - runtime
 libpng12-0-udeb - PNG library - minimal runtime library (udeb)
 libpng12-dev - PNG library - development
 libpng3    - PNG library - runtime
Closes: 533676 572308
Changes: 
 libpng (1.2.27-2+lenny3) stable-security; urgency=high
 .
   * Non-maintainer upload by the Security Team.
   * Fixed CVE-2009-2042: does not properly parse 1-bit interlaced images with
     width values that are not divisible by 8, which causes libpng to include
     uninitialized bits in certain rows of a PNG file and might allow remote
     attackers to read portions of sensitive memory via "out-of-bounds pixels"
     in the file (Closes: 533676)
   * Fixed CVE-2010-0205: does not properly handle compressed ancillary-chunk
     data that has a disproportionately large uncompressed representation, which
     allows remote attackers to cause a denial of service (memory and CPU
     consumption, and  application hang) via a crafted PNG file (Closes: #572308)
Checksums-Sha1: 
 ac10acd3f8efd69cc5fbbd7e55203ef0d5e5ae2e 1201 libpng_1.2.27-2+lenny3.dsc
 38f09128f75ee5d6aa75862aa4c7421f9e78dbc1 19687 libpng_1.2.27-2+lenny3.diff.gz
 cba40031775fa9e1f68dc6f7ec64d2c548b1dfd6 165560 libpng12-0_1.2.27-2+lenny3_i386.deb
 2b2799afc21123254c1c4f8cc23a02f685db1dd8 246968 libpng12-dev_1.2.27-2+lenny3_i386.deb
 777ae91ecbafa1373426c405131980b728dd41b8 880 libpng3_1.2.27-2+lenny3_all.deb
 8ac89dbc40806220dce62850d97af7a5404a4fc1 70094 libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb
Checksums-Sha256: 
 d6faba268d2e00c73632b5ad3df2da351dcf82966557e5f7e750a5287165b667 1201 libpng_1.2.27-2+lenny3.dsc
 4a5a1ad1b9d98914fd7c10fc2a1cf146847acdf44e6e0477fc16d9fd05e3d333 19687 libpng_1.2.27-2+lenny3.diff.gz
 832a13f92f0c62199fdf1584be739f0efe3c2365d4dd2f9e62b66ac8a33b48f0 165560 libpng12-0_1.2.27-2+lenny3_i386.deb
 fb9e5141f31f0ea50eea9b21ec79065e78604f6a91b32288028ca1a0d07f3b2e 246968 libpng12-dev_1.2.27-2+lenny3_i386.deb
 be470a354466cdedd245d4ca652ba94df4564b6f68ff32eef10c5a46d9cb5e93 880 libpng3_1.2.27-2+lenny3_all.deb
 4a5430f9ed571b246bf2ebe96c36e1641147fd0909963a4bf494d5b3f49d5cd7 70094 libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb
Files: 
 abe81b0d3c4aa7a1fa418e29f2c5b297 1201 libs optional libpng_1.2.27-2+lenny3.dsc
 60ede1843ceb8a1f127c54b847a74dfa 19687 libs optional libpng_1.2.27-2+lenny3.diff.gz
 233945ee4b1e442357276431ce495a4c 165560 libs optional libpng12-0_1.2.27-2+lenny3_i386.deb
 083d472fd65f884c91dff5926e538342 246968 libdevel optional libpng12-dev_1.2.27-2+lenny3_i386.deb
 028b00e28aad8282714776c5dcca64a8 880 oldlibs optional libpng3_1.2.27-2+lenny3_all.deb
 769336f4574678e56931e1a1eaf6be6a 70094 debian-installer extra libpng12-0-udeb_1.2.27-2+lenny3_i386.udeb
Package-Type: udeb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAkvBnUUACgkQNxpp46476ao8qgCcCMk58l27EAR9VZ/MIKCHRceo
L3UAnRHFyBHdCWCUV6bBtFZZ7Kl1TaMg
=oDjc
-----END PGP SIGNATURE-----





Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 16 May 2010 07:36:04 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Sat Apr 19 02:32:57 2014; Machine Name: buxtehude.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.