The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with keywords, related to an implicit cast of the 0 character constant to a NULL pointer. NOTE: some sources incorrectly report this as a double free vulnerability.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libpng | Libpng | * | 1.0.42 (excluding) |
| Libpng | Libpng | 1.2.0 (including) | 1.2.34 (excluding) |
| Libpng | Ubuntu | dapper | * |
| Libpng | Ubuntu | devel | * |
| Libpng | Ubuntu | gutsy | * |
| Libpng | Ubuntu | hardy | * |
| Libpng | Ubuntu | intrepid | * |
| Libpng | Ubuntu | upstream | * |