Bug 24399 - CVE-2010-1526: Mono libgdiplus Image Processing Integer Overflow Vulnerabilities
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: libgdiplus
Version: unstable
Hardware: all Linux
Importance: P3 blocker
Assignee: Alexey Shabalin
QA Contact: qa-sisyphus
URL: http://secunia.com/advisories/40792
Keywords: security
Reported: 2010-10-23 21:02 MSD by Vladimir Lettiev
Modified: 2011-03-14 14:17 MSK

Description Vladimir Lettiev 2010-10-23 21:02:06 MSD
1) An integer overflow error within the "gdip_load_tiff_image()" function in src/tiffcodec.c can be exploited to cause a heap-based buffer overflow by e.g. processing specially crafted TIFF images in an application using the library.

2) An integer overflow error within the "gdip_load_jpeg_image_internal()" function in src/jpegcodec.c can be exploited to cause a heap-based buffer overflow by e.g. processing specially crafted JPEG images in an application using the library.

3) An integer overflow error within the "gdip_read_bmp_image()" function in src/bmpcodec.c can be exploited to cause a heap-based buffer overflow by e.g. processing specially crafted BMP images in an application using the library.

The vulnerabilities are confirmed in version 2.6.7. Other versions may also be affected.

Fixed in git: http://github.com/mono/libgdiplus/commit/6779fbf994d5270720ccb1687ba8b004e20a1821
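
The bug class named in the description, as an added example that is not libgdiplus code and not part of the original report: a pixel-buffer size computed from image header fields in 32-bit arithmetic, beside an overflow-checked version. The function names, the 4-byte row padding, the 1 GiB limit and the header values are assumptions constructed for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed policy limit for this example: refuse images above 1 GiB. */
#define MAX_IMAGE_BYTES ((uint64_t)1 << 30)

/* Unchecked pattern: 32-bit arithmetic on header fields read from the file.
 * Both multiplications wrap modulo 2^32, so the result can be far smaller
 * than the pixel data the decoder will later write into the buffer. */
static uint32_t unchecked_image_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t stride = (width * bpp + 31) / 32 * 4; /* rows padded to 4 bytes */
    return stride * height;
}

/* Checked pattern: bound every input, widen to 64 bits, and compare against
 * the limit by division so the final product cannot wrap.
 * Returns 0 and stores the size on success, -1 if the header is rejected. */
static int checked_image_size(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0 || bpp > 64)
        return -1;
    uint64_t bits = (uint64_t)width * bpp;         /* below 2^38, cannot wrap */
    uint64_t stride = (bits + 31) / 32 * 4;
    if (stride > MAX_IMAGE_BYTES / height)
        return -1;
    *out = (size_t)(stride * height);
    return 0;
}

int main(void)
{
    size_t n = 0;
    /* Constructed header values: 65536 x 65536 pixels at 32 bits per pixel. */
    printf("unchecked: %u bytes\n",
           (unsigned)unchecked_image_size(0x10000, 0x10000, 32));
    printf("checked:   %s\n",
           checked_image_size(0x10000, 0x10000, 32, &n) ? "rejected" : "accepted");
    return 0;
}
```

A decoder that allocates from the unchecked result and then copies rows according to the header dimensions writes past the end of the heap buffer; the checked version rejects the header before any allocation happens.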
Comment 1 Repository Robot 2011-03-14 14:17:35 MSK
libgdiplus-2.6.7-alt2 -> sisyphus:

* Mon Mar 14 2011 Alexey Shabalin <shaba@altlinux> 2.6.7-alt2
- snapshot of 2.6 branch (20101015)
- fixed CVE-2010-1526 (ALT #24399)