CamlImages library integer overflows updated since 03.07.2009
Published:		26.10.2009
Source:		BUGTRAQ
SecurityVulns ID:		10036
Type:		library
Level:		6/10
Description:		Multiple overflows on PNG, TIFF, GIF, JPEG processing.

Affected:		CAMLIMAGES : CamlImages 2.2
		ADVI : advi 1.6
CVE:		CVE-2009-3296 (Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows.)
		CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow context-dependent attackers to execute arbitrary code via images containing large width and height values that trigger a heap-based buffer overflow, related to (1) crafted GIF files (gifread.c) and (2) crafted JPEG files (jpegread.c), a different vulnerability than CVE-2009-2295.)
		CVE-2009-2295 (Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24 function.)

Original document		DEBIAN, [SECURITY] [DSA 1912-2] New advi packages fix arbitrary code execution (26.10.2009)
		Andrea Barisani, [oCERT-2009-009] CamlImages integer overflows (03.07.2009)

Discuss:

Read or add your comments to this news (0 comments)