exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Mono libgdiplus Image Processing Three Integer Overflows

Mono libgdiplus Image Processing Three Integer Overflows
Posted Aug 24, 2010
Authored by Stefan Cornelius | Site secunia.com

Secunia Research has discovered three integer overflow vulnerabilities in libgdiplus for Mono, which can be exploited by malicious people to compromise an application using the library. Version 2.6.7 is affected.

tags | advisory, overflow, vulnerability
advisories | CVE-2010-1526
SHA-256 | ea9c0dd4e0ae6caef818713363a025771127f81ca5d4db62da1b8b3654b2e0ee

Mono libgdiplus Image Processing Three Integer Overflows

Change Mirror Download
====================================================================== 

Secunia Research 23/08/2010

- Mono libgdiplus Image Processing Three Integer Overflows -

======================================================================
Table of Contents

Affected Software....................................................1
Severity.............................................................2
Vendor's Description of Software.....................................3
Description of Vulnerability.........................................4
Solution.............................................................5
Time Table...........................................................6
Credits..............................................................7
References...........................................................8
About Secunia........................................................9
Verification........................................................10

======================================================================
1) Affected Software

* libgdiplus 2.6.7

NOTE: Other versions may also be affected.

======================================================================
2) Severity

Rating: Moderately critical
Impact: System access
Where: Remote

======================================================================
3) Vendor's Description of Software

"Libgdiplus is the Mono library that provide a GDI+ comptible API on
non-Windows operating systems".

Product Link:
http://www.mono-project.com/Libgdiplus

======================================================================
4) Description of Vulnerability

Secunia Research has discovered three vulnerabilities in libgdiplus
for Mono, which can be exploited by malicious people to compromise an
application using the library.

1) An integer overflow error within the "gdip_load_tiff_image()"
function in src/tiffcodec.c can be exploited to cause a heap-based
buffer overflow by e.g. processing specially crafted TIFF images in
an application using the library.

2) An integer overflow error within the
"gdip_load_jpeg_image_internal()" function in src/jpegcodec.c can be
exploited to cause a heap-based buffer overflow by e.g. processing
specially crafted JPEG images in an application using the library.

3) An integer overflow error within the "gdip_read_bmp_image()"
function in src/bmpcodec.c can be exploited to cause a heap-based
buffer overflow by e.g. processing specially crafted BMP images in an
application using the library.

======================================================================
5) Solution

Do not process untrusted images in an application using the library.

======================================================================
6) Time Table

12/08/2010 - Vendor notified.
12/08/2010 - Vendor response.
19/08/2010 - Accidental public disclosure by an involved party.
23/08/2010 - Public disclosure.

======================================================================
7) Credits

Discovered by Stefan Cornelius, Secunia Research.

======================================================================
8) References

The Common Vulnerabilities and Exposures (CVE) project has assigned
CVE-2010-1526 for the vulnerabilities.

======================================================================
9) About Secunia

Secunia offers vulnerability management solutions to corporate
customers with verified and reliable vulnerability intelligence
relevant to their specific system configuration:

http://secunia.com/advisories/business_solutions/

Secunia also provides a publicly accessible and comprehensive advisory
database as a service to the security community and private
individuals, who are interested in or concerned about IT-security.

http://secunia.com/advisories/

Secunia believes that it is important to support the community and to
do active vulnerability research in order to aid improving the
security and reliability of software in general:

http://secunia.com/secunia_research/

Secunia regularly hires new skilled team members. Check the URL below
to see currently vacant positions:

http://secunia.com/corporate/jobs/

Secunia offers a FREE mailing list called Secunia Security Advisories:

http://secunia.com/advisories/mailing_lists/

======================================================================
10) Verification

Please verify this advisory by visiting the Secunia website:
http://secunia.com/secunia_research/2010-102/

Complete list of vulnerability reports published by Secunia Research:
http://secunia.com/secunia_research/

======================================================================
Login or Register to add favorites

File Archive:

September 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    23 Files
  • 2
    Sep 2nd
    12 Files
  • 3
    Sep 3rd
    0 Files
  • 4
    Sep 4th
    0 Files
  • 5
    Sep 5th
    10 Files
  • 6
    Sep 6th
    8 Files
  • 7
    Sep 7th
    30 Files
  • 8
    Sep 8th
    14 Files
  • 9
    Sep 9th
    26 Files
  • 10
    Sep 10th
    0 Files
  • 11
    Sep 11th
    0 Files
  • 12
    Sep 12th
    5 Files
  • 13
    Sep 13th
    28 Files
  • 14
    Sep 14th
    15 Files
  • 15
    Sep 15th
    17 Files
  • 16
    Sep 16th
    9 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    12 Files
  • 20
    Sep 20th
    15 Files
  • 21
    Sep 21st
    20 Files
  • 22
    Sep 22nd
    13 Files
  • 23
    Sep 23rd
    12 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    30 Files
  • 27
    Sep 27th
    27 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close