VYPR
Unrated severityNVD Advisory· Published Aug 31, 2011· Updated Jun 16, 2026

CVE-2009-5063

CVE-2009-5063

Description

Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

7
  • Libpng/Libpng7 versions
    cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:libpng:libpng:*:*:*:*:*:*:*:*range: <=1.2.38
    • cpe:2.3:a:libpng:libpng:1.2.39:-:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.2.39:beta1:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.2.39:beta2:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.2.39:beta3:*:*:*:*:*:*
    • cpe:2.3:a:libpng:libpng:1.2.39:beta4:*:*:*:*:*:*
    • (no CPE)range: <1.2.39beta5

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.