Computer Security


CamlImages library integer overflows
Updated since: 03.07.2009
Published: 26.10.2009
Source:
SecurityVulns ID: 10036
Type: library
Threat Level: 6/10
Description: Multiple overflows on PNG, TIFF, GIF, JPEG processing.
Affected: CAMLIMAGES : CamlImages 2.2
 ADVI : advi 1.6
CVE: CVE-2009-3296 (Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows.)
 CVE-2009-2660 (Multiple integer overflows in CamlImages 2.2 might allow context-dependent attackers to execute arbitrary code via images containing large width and height values that trigger a heap-based buffer overflow, related to (1) crafted GIF files (gifread.c) and (2) crafted JPEG files (jpegread.c), a different vulnerability than CVE-2009-2295.)
 CVE-2009-2295 (Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24 function.)
Original documents: DEBIAN, [SECURITY] [DSA 1912-2] New advi packages fix arbitrary code execution (26.10.2009)
 Andrea Barisani, [oCERT-2009-009] CamlImages integer overflows (03.07.2009)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod