[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[Bug 509531] New: CVE-2009-2295 ocaml-camlimages: PNG reader multiple integer overflows (oCERT-2009-009)



Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.

Summary: CVE-2009-2295 ocaml-camlimages: PNG reader multiple integer overflows (oCERT-2009-009)
Alias: CVE-2009-2295

https://bugzilla.redhat.com/show_bug.cgi?id=509531

           Summary: CVE-2009-2295 ocaml-camlimages: PNG reader multiple
                    integer overflows (oCERT-2009-009)
           Product: Security Response
           Version: unspecified
          Platform: All
        OS/Version: Linux
            Status: NEW
          Keywords: Security
          Severity: medium
          Priority: medium
         Component: vulnerability
        AssignedTo: security-response-team redhat com
        ReportedBy: thoger redhat com
                CC: rjones redhat com, fedora-ocaml-list redhat com
    Classification: Other
    Target Release: ---


oCERT advisory oCERT-2009-009 was published describing a flaw in
ocaml-camlimages:

  http://www.ocert.org/advisories/ocert-2009-009.html

  CamlImages, an open source image processing library, suffers from several
  integer overflows which may lead to a potentially exploitable heap
  overflow and result in arbitrary code execution.

  The vulnerability is triggered by PNG image parsing, the read_png_file
  and read_png_file_as_rgb24 functions do not properly validate the width
  and height of the image. Specific PNG images with large width and height
  can be crafted to trigger the vulnerability.

Issue was reported to affect both 2.2 and 3.0.1, which no upstream patch
available at the moment.

References:
http://thread.gmane.org/gmane.comp.security.oss.general/1882
http://bugs.gentoo.org/show_bug.cgi?id=276235

-- 
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]