[Bug 509531] New: CVE-2009-2295 ocaml-camlimages: PNG reader multiple integer overflows (oCERT-2009-009)
bugzilla at redhat.com
bugzilla at redhat.com
Fri Jul 3 10:37:05 UTC 2009
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
Summary: CVE-2009-2295 ocaml-camlimages: PNG reader multiple integer overflows (oCERT-2009-009)
Alias: CVE-2009-2295
https://bugzilla.redhat.com/show_bug.cgi?id=509531
Summary: CVE-2009-2295 ocaml-camlimages: PNG reader multiple
integer overflows (oCERT-2009-009)
Product: Security Response
Version: unspecified
Platform: All
OS/Version: Linux
Status: NEW
Keywords: Security
Severity: medium
Priority: medium
Component: vulnerability
AssignedTo: security-response-team at redhat.com
ReportedBy: thoger at redhat.com
CC: rjones at redhat.com, fedora-ocaml-list at redhat.com
Classification: Other
Target Release: ---
oCERT advisory oCERT-2009-009 was published describing a flaw in
ocaml-camlimages:
http://www.ocert.org/advisories/ocert-2009-009.html
CamlImages, an open source image processing library, suffers from several
integer overflows which may lead to a potentially exploitable heap
overflow and result in arbitrary code execution.
The vulnerability is triggered by PNG image parsing, the read_png_file
and read_png_file_as_rgb24 functions do not properly validate the width
and height of the image. Specific PNG images with large width and height
can be crafted to trigger the vulnerability.
Issue was reported to affect both 2.2 and 3.0.1, which no upstream patch
available at the moment.
References:
http://thread.gmane.org/gmane.comp.security.oss.general/1882
http://bugs.gentoo.org/show_bug.cgi?id=276235
--
Configure bugmail: https://bugzilla.redhat.com/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are on the CC list for the bug.
More information about the Fedora-ocaml-list
mailing list