NVD Vulnerability Detail

CVE-2009-0040

Summary	The PNG reference library (aka libpng) before 1.0.43, and 1.2.x before 1.2.35, as used in pngcrush and other applications, allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PNG file that triggers a free of an uninitialized pointer in (1) the png_read_png function, (2) pCAL chunk handling, or (3) setup of 16-bit gamma tables.
Summary	La libreria de referencia PNG (tambien conocida como libpng) anterior a v1.0.43, y v1.2.x anteriores a 1.2.35, utilizado en pngcrush y otras aplicaciones, lo que permite a atacantes dependientes de contexto producir una denegacion de servicio (caida de aplicacion) o posiblemente ejecutar codigo a traves de de un fichero PNG manipulado que inicia un puntero sin inicializar en (1) la funcion png_read_png, (2) manejador pCAL, o (3) instalacion de tablas de gamma de 16-bit.
Publication Date	Feb. 23, 2009, 7:30 a.m.
Registration Date	Jan. 29, 2021, 1:13 p.m.
Last Update	April 23, 2026, 9:35 a.m.

CVSS2.0 : MEDIUM
Score	6.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:P
攻撃元区分(AV)	ネットワーク
攻撃条件の複雑さ(AC)	中
攻撃前の認証要否(Au)	不要
機密性への影響(C)	低
完全性への影響(I)	低
可用性への影響(A)	低
Get all privileges.	いいえ
Get user privileges	いいえ
Get other privileges	いいえ
User operation required	いいえ

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:libpng:libpng::::::::				1.0.43
cpe:2.3:a:libpng:libpng::::::::	1.2.0			1.2.35
cpe:2.3:o:apple:iphone_os::::::::				3.0
cpe:2.3:o:apple:mac_os_x::::::::				10.5.8
cpe:2.3:o:opensuse:opensuse:10.3:::::::*
cpe:2.3:o:opensuse:opensuse:11.0:::::::*
cpe:2.3:o:opensuse:opensuse:11.1:::::::*
cpe:2.3:o:suse:linux_enterprise:9.0:-::::::
cpe:2.3:o:suse:linux_enterprise:10.0:-::::::
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2::::::
cpe:2.3:o:suse:linux_enterprise_server:10:sp2::::::
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:debian:debian_linux:5.0:::::::*
cpe:2.3:o:fedoraproject:fedora:9:::::::*
cpe:2.3:o:fedoraproject:fedora:10:::::::*

Related information, measures and tools

No	URL	refsource
1	ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt	secalert@redhat.com
2	http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt	secalert@redhat.com
3	http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html	secalert@redhat.com
4	http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html	secalert@redhat.com
5	http://lists.apple.com/archives/security-announce/2009/May/msg00002.html	secalert@redhat.com
6	http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	secalert@redhat.com
7	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html	secalert@redhat.com
8	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html	secalert@redhat.com
9	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html	secalert@redhat.com
10	http://lists.vmware.com/pipermail/security-announce/2009/000062.html	secalert@redhat.com
11	http://secunia.com/advisories/33970	secalert@redhat.com
12	http://secunia.com/advisories/33976	secalert@redhat.com
13	http://secunia.com/advisories/34137	secalert@redhat.com
14	http://secunia.com/advisories/34140	secalert@redhat.com
15	http://secunia.com/advisories/34143	secalert@redhat.com
16	http://secunia.com/advisories/34145	secalert@redhat.com
17	http://secunia.com/advisories/34152	secalert@redhat.com
18	http://secunia.com/advisories/34210	secalert@redhat.com
19	http://secunia.com/advisories/34265	secalert@redhat.com
20	http://secunia.com/advisories/34272	secalert@redhat.com
21	http://secunia.com/advisories/34320	secalert@redhat.com
22	http://secunia.com/advisories/34324	secalert@redhat.com
23	http://secunia.com/advisories/34388	secalert@redhat.com
24	http://secunia.com/advisories/34462	secalert@redhat.com
25	http://secunia.com/advisories/34464	secalert@redhat.com
26	http://secunia.com/advisories/35074	secalert@redhat.com
27	http://secunia.com/advisories/35258	secalert@redhat.com
28	http://secunia.com/advisories/35302	secalert@redhat.com
29	http://secunia.com/advisories/35379	secalert@redhat.com
30	http://secunia.com/advisories/35386	secalert@redhat.com
31	http://secunia.com/advisories/36096	secalert@redhat.com
32	http://security.gentoo.org/glsa/glsa-200903-28.xml	secalert@redhat.com
33	http://security.gentoo.org/glsa/glsa-201209-25.xml	secalert@redhat.com
34	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420	secalert@redhat.com
35	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952	secalert@redhat.com
36	http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com	secalert@redhat.com
37	http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441	secalert@redhat.com
38	http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1	secalert@redhat.com
39	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1	secalert@redhat.com
40	http://support.apple.com/kb/HT3549	secalert@redhat.com
41	http://support.apple.com/kb/HT3613	secalert@redhat.com
42	http://support.apple.com/kb/HT3639	secalert@redhat.com
43	http://support.apple.com/kb/HT3757	secalert@redhat.com
44	http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm	secalert@redhat.com
45	http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm	secalert@redhat.com
46	http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document	secalert@redhat.com
47	http://wiki.rpath.com/Advisories:rPSA-2009-0046	secalert@redhat.com
48	http://www.debian.org/security/2009/dsa-1750	secalert@redhat.com
49	http://www.debian.org/security/2009/dsa-1830	secalert@redhat.com
50	http://www.kb.cert.org/vuls/id/649212	secalert@redhat.com
51	http://www.mandriva.com/security/advisories?name=MDVSA-2009:051	secalert@redhat.com
52	http://www.mandriva.com/security/advisories?name=MDVSA-2009:075	secalert@redhat.com
53	http://www.mandriva.com/security/advisories?name=MDVSA-2009:083	secalert@redhat.com
54	http://www.redhat.com/support/errata/RHSA-2009-0315.html	secalert@redhat.com
55	http://www.redhat.com/support/errata/RHSA-2009-0325.html	secalert@redhat.com
56	http://www.redhat.com/support/errata/RHSA-2009-0333.html	secalert@redhat.com
57	http://www.redhat.com/support/errata/RHSA-2009-0340.html	secalert@redhat.com
58	http://www.securityfocus.com/archive/1/501767/100/0/threaded	secalert@redhat.com
59	http://www.securityfocus.com/archive/1/503912/100/0/threaded	secalert@redhat.com
60	http://www.securityfocus.com/archive/1/505990/100/0/threaded	secalert@redhat.com
61	http://www.securityfocus.com/bid/33827	secalert@redhat.com
62	http://www.securityfocus.com/bid/33990	secalert@redhat.com
63	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	secalert@redhat.com
64	http://www.us-cert.gov/cas/techalerts/TA09-218A.html	secalert@redhat.com
65	http://www.vmware.com/security/advisories/VMSA-2009-0007.html	secalert@redhat.com
66	http://www.vupen.com/english/advisories/2009/0469	secalert@redhat.com
67	http://www.vupen.com/english/advisories/2009/0473	secalert@redhat.com
68	http://www.vupen.com/english/advisories/2009/0632	secalert@redhat.com
69	http://www.vupen.com/english/advisories/2009/1297	secalert@redhat.com
70	http://www.vupen.com/english/advisories/2009/1451	secalert@redhat.com
71	http://www.vupen.com/english/advisories/2009/1462	secalert@redhat.com
72	http://www.vupen.com/english/advisories/2009/1522	secalert@redhat.com
73	http://www.vupen.com/english/advisories/2009/1560	secalert@redhat.com
74	http://www.vupen.com/english/advisories/2009/1621	secalert@redhat.com
75	http://www.vupen.com/english/advisories/2009/2172	secalert@redhat.com
76	https://exchange.xforce.ibmcloud.com/vulnerabilities/48819	secalert@redhat.com
77	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316	secalert@redhat.com
78	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458	secalert@redhat.com
79	https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html	secalert@redhat.com
80	https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html	secalert@redhat.com
81	https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html	secalert@redhat.com
82	https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html	secalert@redhat.com
83	ftp://ftp.simplesystems.org/pub/png/src/libpng-1.2.34-ADVISORY.txt	af854a3a-2127-422b-91ae-364da2661108
84	http://downloads.sourceforge.net/libpng/libpng-1.2.34-ADVISORY.txt	af854a3a-2127-422b-91ae-364da2661108
85	http://lists.apple.com/archives/security-announce/2009/Aug/msg00001.html	af854a3a-2127-422b-91ae-364da2661108
86	http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.html	af854a3a-2127-422b-91ae-364da2661108
87	http://lists.apple.com/archives/security-announce/2009/May/msg00002.html	af854a3a-2127-422b-91ae-364da2661108
88	http://lists.apple.com/archives/security-announce/2009/jun/msg00002.html	af854a3a-2127-422b-91ae-364da2661108
89	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00000.html	af854a3a-2127-422b-91ae-364da2661108
90	http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00002.html	af854a3a-2127-422b-91ae-364da2661108
91	http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00009.html	af854a3a-2127-422b-91ae-364da2661108
92	http://lists.vmware.com/pipermail/security-announce/2009/000062.html	af854a3a-2127-422b-91ae-364da2661108
93	http://secunia.com/advisories/33970	af854a3a-2127-422b-91ae-364da2661108
94	http://secunia.com/advisories/33976	af854a3a-2127-422b-91ae-364da2661108
95	http://secunia.com/advisories/34137	af854a3a-2127-422b-91ae-364da2661108
96	http://secunia.com/advisories/34140	af854a3a-2127-422b-91ae-364da2661108
97	http://secunia.com/advisories/34143	af854a3a-2127-422b-91ae-364da2661108
98	http://secunia.com/advisories/34145	af854a3a-2127-422b-91ae-364da2661108
99	http://secunia.com/advisories/34152	af854a3a-2127-422b-91ae-364da2661108
100	http://secunia.com/advisories/34210	af854a3a-2127-422b-91ae-364da2661108
101	http://secunia.com/advisories/34265	af854a3a-2127-422b-91ae-364da2661108
102	http://secunia.com/advisories/34272	af854a3a-2127-422b-91ae-364da2661108
103	http://secunia.com/advisories/34320	af854a3a-2127-422b-91ae-364da2661108
104	http://secunia.com/advisories/34324	af854a3a-2127-422b-91ae-364da2661108
105	http://secunia.com/advisories/34388	af854a3a-2127-422b-91ae-364da2661108
106	http://secunia.com/advisories/34462	af854a3a-2127-422b-91ae-364da2661108
107	http://secunia.com/advisories/34464	af854a3a-2127-422b-91ae-364da2661108
108	http://secunia.com/advisories/35074	af854a3a-2127-422b-91ae-364da2661108
109	http://secunia.com/advisories/35258	af854a3a-2127-422b-91ae-364da2661108
110	http://secunia.com/advisories/35302	af854a3a-2127-422b-91ae-364da2661108
111	http://secunia.com/advisories/35379	af854a3a-2127-422b-91ae-364da2661108
112	http://secunia.com/advisories/35386	af854a3a-2127-422b-91ae-364da2661108
113	http://secunia.com/advisories/36096	af854a3a-2127-422b-91ae-364da2661108
114	http://security.gentoo.org/glsa/glsa-200903-28.xml	af854a3a-2127-422b-91ae-364da2661108
115	http://security.gentoo.org/glsa/glsa-201209-25.xml	af854a3a-2127-422b-91ae-364da2661108
116	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.405420	af854a3a-2127-422b-91ae-364da2661108
117	http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.433952	af854a3a-2127-422b-91ae-364da2661108
118	http://sourceforge.net/mailarchive/message.php?msg_name=e56ccc8f0902181726i200f4bf0n20d919473ec409b7%40mail.gmail.com	af854a3a-2127-422b-91ae-364da2661108
119	http://sourceforge.net/project/shownotes.php?group_id=1689&release_id=662441	af854a3a-2127-422b-91ae-364da2661108
120	http://sunsolve.sun.com/search/document.do?assetkey=1-66-259989-1	af854a3a-2127-422b-91ae-364da2661108
121	http://sunsolve.sun.com/search/document.do?assetkey=1-77-1020521.1-1	af854a3a-2127-422b-91ae-364da2661108
122	http://support.apple.com/kb/HT3549	af854a3a-2127-422b-91ae-364da2661108
123	http://support.apple.com/kb/HT3613	af854a3a-2127-422b-91ae-364da2661108
124	http://support.apple.com/kb/HT3639	af854a3a-2127-422b-91ae-364da2661108
125	http://support.apple.com/kb/HT3757	af854a3a-2127-422b-91ae-364da2661108
126	http://support.avaya.com/elmodocs2/security/ASA-2009-069.htm	af854a3a-2127-422b-91ae-364da2661108
127	http://support.avaya.com/elmodocs2/security/ASA-2009-208.htm	af854a3a-2127-422b-91ae-364da2661108
128	http://support.avaya.com/japple/css/japple?temp.documentID=366362&temp.productID=154235&temp.releaseID=361845&temp.bucketID=126655&PAGE=Document	af854a3a-2127-422b-91ae-364da2661108
129	http://wiki.rpath.com/Advisories:rPSA-2009-0046	af854a3a-2127-422b-91ae-364da2661108
130	http://www.debian.org/security/2009/dsa-1750	af854a3a-2127-422b-91ae-364da2661108
131	http://www.debian.org/security/2009/dsa-1830	af854a3a-2127-422b-91ae-364da2661108
132	http://www.kb.cert.org/vuls/id/649212	af854a3a-2127-422b-91ae-364da2661108
133	http://www.mandriva.com/security/advisories?name=MDVSA-2009:051	af854a3a-2127-422b-91ae-364da2661108
134	http://www.mandriva.com/security/advisories?name=MDVSA-2009:075	af854a3a-2127-422b-91ae-364da2661108
135	http://www.mandriva.com/security/advisories?name=MDVSA-2009:083	af854a3a-2127-422b-91ae-364da2661108
136	http://www.redhat.com/support/errata/RHSA-2009-0315.html	af854a3a-2127-422b-91ae-364da2661108
137	http://www.redhat.com/support/errata/RHSA-2009-0325.html	af854a3a-2127-422b-91ae-364da2661108
138	http://www.redhat.com/support/errata/RHSA-2009-0333.html	af854a3a-2127-422b-91ae-364da2661108
139	http://www.redhat.com/support/errata/RHSA-2009-0340.html	af854a3a-2127-422b-91ae-364da2661108
140	http://www.securityfocus.com/archive/1/501767/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
141	http://www.securityfocus.com/archive/1/503912/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
142	http://www.securityfocus.com/archive/1/505990/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
143	http://www.securityfocus.com/bid/33827	af854a3a-2127-422b-91ae-364da2661108
144	http://www.securityfocus.com/bid/33990	af854a3a-2127-422b-91ae-364da2661108
145	http://www.us-cert.gov/cas/techalerts/TA09-133A.html	af854a3a-2127-422b-91ae-364da2661108
146	http://www.us-cert.gov/cas/techalerts/TA09-218A.html	af854a3a-2127-422b-91ae-364da2661108
147	http://www.vmware.com/security/advisories/VMSA-2009-0007.html	af854a3a-2127-422b-91ae-364da2661108
148	http://www.vupen.com/english/advisories/2009/0469	af854a3a-2127-422b-91ae-364da2661108
149	http://www.vupen.com/english/advisories/2009/0473	af854a3a-2127-422b-91ae-364da2661108
150	http://www.vupen.com/english/advisories/2009/0632	af854a3a-2127-422b-91ae-364da2661108
151	http://www.vupen.com/english/advisories/2009/1297	af854a3a-2127-422b-91ae-364da2661108
152	http://www.vupen.com/english/advisories/2009/1451	af854a3a-2127-422b-91ae-364da2661108
153	http://www.vupen.com/english/advisories/2009/1462	af854a3a-2127-422b-91ae-364da2661108
154	http://www.vupen.com/english/advisories/2009/1522	af854a3a-2127-422b-91ae-364da2661108
155	http://www.vupen.com/english/advisories/2009/1560	af854a3a-2127-422b-91ae-364da2661108
156	http://www.vupen.com/english/advisories/2009/1621	af854a3a-2127-422b-91ae-364da2661108
157	http://www.vupen.com/english/advisories/2009/2172	af854a3a-2127-422b-91ae-364da2661108
158	https://exchange.xforce.ibmcloud.com/vulnerabilities/48819	af854a3a-2127-422b-91ae-364da2661108
159	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10316	af854a3a-2127-422b-91ae-364da2661108
160	https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6458	af854a3a-2127-422b-91ae-364da2661108
161	https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00272.html	af854a3a-2127-422b-91ae-364da2661108
162	https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00412.html	af854a3a-2127-422b-91ae-364da2661108
163	https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00769.html	af854a3a-2127-422b-91ae-364da2661108
164	https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00771.html	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-824	初期化されていないポインタのアクセス	https://cwe.mitre.org/data/definitions/824.html

JVN Vulnerability Information

libpng が適切にエレメントポインタを初期化しない脆弱性

Title	libpng が適切にエレメントポインタを初期化しない脆弱性
Summary	libpng にはエレメントポインタが適切に初期化されない脆弱性が存在します。 libpng のエレメントポインタの処理において脆弱性が存在し、エレメントポインタが適切に初期化されない可能性があります。本脆弱性は libpng-0.89c に含まれる複数の関数における off-by-one エラーに起因します。PNG Development Group から以下の情報が提供されています。 If the application runs out of memory during the loop, some of the element pointers will be uninitialized. Libpng will then longjmp to a cleanup process that attempts to free all of the elements in the array, including the uninitialized ones. This behavior could be forced by a malevolent input.
Possible impacts	遠隔の第三者によって任意のコードを実行されたり、サービス運用妨害 (DoS) 攻撃を受けるなどの可能性があります。
Solution	[アップデートする] 開発者が提供する情報をもとに最新版へアップデートしてください。
Publication Date	March 4, 2009, midnight
Registration Date	March 30, 2009, 1:23 p.m.
Last Update	April 18, 2012, 5:54 p.m.

Affected System

サン・マイクロシステムズ

OpenSolaris (sparc)

OpenSolaris (x86)

Sun Solaris 10 (sparc)

Sun Solaris 10 (x86)

Sun Solaris 9 (sparc)

Sun Solaris 9 (x86)

レッドハット

Red Hat Enterprise Linux 2.1 (as)

Red Hat Enterprise Linux 2.1 (es)

Red Hat Enterprise Linux 2.1 (ws)

Red Hat Enterprise Linux 3 (as)

Red Hat Enterprise Linux 3 (es)

Red Hat Enterprise Linux 3 (ws)

Red Hat Enterprise Linux 4 (as)

Red Hat Enterprise Linux 4 (es)

Red Hat Enterprise Linux 4 (ws)

Red Hat Enterprise Linux 5 (server)

Red Hat Enterprise Linux Desktop 3.0

Red Hat Enterprise Linux Desktop 4.0

Red Hat Enterprise Linux Desktop 5.0 (client)

Red Hat Linux Advanced Workstation 2.1

RHEL Desktop Workstation 5 (client)

Mozilla Foundation

Mozilla Firefox 3.0.7 未満

Mozilla SeaMonkey 1.1.15 未満

Mozilla Thunderbird 2.0.0.21 未満

サイバートラスト株式会社

Asianux Server 2.0

Asianux Server 2.1

Asianux Server 3 (x86)

Asianux Server 3 (x86-64)

Asianux Server 3.0

Asianux Server 3.0 (x86-64)

Asianux Server 4.0

Asianux Server 4.0 (x86-64)

アップル

Apple Mac OS X v10.4.11

Apple Mac OS X v10.5 から v10.5.7

Apple Mac OS X Server v10.4.11

Apple Mac OS X Server v10.5 から v10.5.7

iOS 1.0 から 2.2.1

iOS for iPod touch 1.１から 2.2.1

Safari Safari 4.0 未満

ニュートン

ImageKit 7 ActiveX

ImageKit 7 VCL

PostKit 2

フェンリル株式会社

PictBear 2.0 未満

PNG Development Group

libpng 1.0.43 より前のバージョン

libpng 1.2.35 より前のバージョン

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2009-0040	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0040
National Vulnerability Database (NVD)
2	CVE-2009-0040	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0040

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-94	https://jvndb.jvn.jp/ja/cwe/CWE-94.html

ベンダー情報

No	Name	URL
Apple Security Updates
1	HT3549	http://support.apple.com/kb/HT3549
2	HT3613	http://support.apple.com/kb/HT3613
3	HT3639	http://support.apple.com/kb/HT3639
4	HT3757	http://support.apple.com/kb/HT3757
Apple セキュリティアップデート
5	HT3549	http://support.apple.com/kb/HT3549?viewlocale=ja_JP
6	HT3613	http://support.apple.com/kb/HT3613?viewlocale=ja_JP
7	HT3639	http://support.apple.com/kb/HT3639?viewlocale=ja_JP
8	HT3757	http://support.apple.com/kb/HT3757?viewlocale=ja_JP
Asianux Technical Support Network
9	libpng-1.2.10-7.1.2.1AXS3	https://tsn.miraclelinux.com/tsn_local/index.php?m=errata&a=detail&eid=409
libpng.org
10	libpng Home Page	http://www.libpng.org/pub/png/libpng.html
MIRACLE LINUX アップデート情報
11	1685	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1685
12	1686	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1686
13	1687	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1687
14	1707	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1707
15	1708	http://www.miraclelinux.com/support/index.php?q=node/99&errata_id=1708
Mozilla Foundation Security Advisory
16	mfsa2009-10	http://www.mozilla.org/security/announce/2009/mfsa2009-10.html
Mozilla Foundation セキュリティアドバイザリ
17	mfsa2009-10	http://www.mozilla-japan.org/security/announce/2009/mfsa2009-10.html
Red Hat Security Advisory
18	RHSA-2009:0333	https://rhn.redhat.com/errata/RHSA-2009-0333.html
19	RHSA-2009:0340	https://rhn.redhat.com/errata/RHSA-2009-0340.html
SECURITY BLOG
20	Multiple Denial of Service vulnerabilities in libpng	https://blogs.oracle.com/sunsecurity/entry/multiple_denial_of_service_vulnerabilities6
Sun Alert Notification
21	259989	http://download.oracle.com/sunalerts/1020521.1.html
フェンリル株式会社
22	pictbear	http://www.fenrir.co.jp/pictbear/
レッドハットセキュリティーアップデート
23	RHSA-2009:0333	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-0333J.html
24	RHSA-2009:0340	https://www.jp.redhat.com/support/errata/RHSA/RHSA-2009-0340J.html
富士通セキュリティ情報
25	TA09-218A	http://software.fujitsu.com/jp/security/vulnerabilities/ta09-218a.html
26	VU#649212	http://software.fujitsu.com/jp/security/vulnerabilities/vu649212.html
株式会社ニュートン
27	supportik7AX	http://www.newtone.co.jp/supportik7AX.html
28	supportik7vcl	http://www.newtone.co.jp/supportik7vcl.html
29	supportpk2	http://www.newtone.co.jp/supportpk2.html

その他

No	Name	URL
ISS X-Force Database
1	48819	http://xforce.iss.net/xforce/xfdb/48819
JVN
2	JVNTA09-218A	https://jvn.jp/cert/JVNTA09-218A/index.html
3	JVNVU#649212	http://jvn.jp/cert/JVNVU649212/index.html
JVN Status Tracking Notes
4	JVNTR-2009-20	http://jvn.jp/tr/JVNTR-2009-20
Secunia Advisory
5	SA33970	http://secunia.com/advisories/33970/
6	SA34145	http://secunia.com/advisories/34145/
SecurityFocus
7	33827	http://www.securityfocus.com/bid/33827
US-CERT Cyber Security Alerts
8	SA09-218A	http://www.us-cert.gov/cas/alerts/SA09-218A.html
US-CERT Technical Cyber Security Alert
9	TA09-218A	http://www.us-cert.gov/cas/techalerts/TA09-218A.html
US-CERT Vulnerability Note
10	VU#649212	http://www.kb.cert.org/vuls/id/649212
VUPEN Security
11	VUPEN/ADV-2009-0469	http://www.vupen.com/english/advisories/2009/0469

Change Log

No	Changed Details	Date of change
0	[2009年03月30日] 掲載 [2009年05月29日] 影響を受けるシステム：アップル (HT3549) の情報を追加ベンダ情報：アップル (HT3549) を追加ベンダ情報：ミラクル・リナックス (1707) を追加ベンダ情報：ミラクル・リナックス (1708) を追加 [2009年07月02日] 影響を受けるシステム：アップル (HT3613) の情報を追加影響を受けるシステム：アップル (HT3639) の情報を追加影響を受けるシステム：サン・マイクロシステムズ (259989) の情報を追加ベンダ情報：アップル (HT3613) を追加ベンダ情報：アップル (HT3639) を追加ベンダ情報：サン・マイクロシステムズ (259989) を追加 [2009年09月02日] 影響を受けるシステム：アップル (HT3757) の情報を追加ベンダ情報：アップル (HT3757) を追加 [2012年04月18日] ベンダ情報：オラクル (Multiple Denial of Service vulnerabilities in libpng) を追加	Feb. 17, 2018, 10:37 a.m.

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:libpng:libpng::::::::				1.0.43
cpe:2.3:a:libpng:libpng::::::::	1.2.0			1.2.35
cpe:2.3:o:apple:iphone_os::::::::				3.0
cpe:2.3:o:apple:mac_os_x::::::::				10.5.8
cpe:2.3:o:opensuse:opensuse:10.3:::::::*
cpe:2.3:o:opensuse:opensuse:11.0:::::::*
cpe:2.3:o:opensuse:opensuse:11.1:::::::*
cpe:2.3:o:suse:linux_enterprise:9.0:-::::::
cpe:2.3:o:suse:linux_enterprise:10.0:-::::::
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp2::::::
cpe:2.3:o:suse:linux_enterprise_server:10:sp2::::::
cpe:2.3:o:debian:debian_linux:4.0:::::::*
cpe:2.3:o:debian:debian_linux:5.0:::::::*
cpe:2.3:o:fedoraproject:fedora:9:::::::*
cpe:2.3:o:fedoraproject:fedora:10:::::::*