Gentoo Linux Security Advisory 201006-2 - Multiple integer overflows in CamlImages might result in the remote execution of arbitrary code. Tielei Wang reported multiple integer overflows, possibly leading to heap-based buffer overflows in the (1) read_png_file() and read_png_file_as_rgb24() functions, when processing a PNG image (CVE-2009-2295) and (2) gifread.c and jpegread.c files when processing GIF or JPEG images (CVE-2009-2660). Versions less than 3.0.2 are affected.
1ff36330b25690b14be6cce445be259367ecdd35ac1e820015ce28c6f8e38447
Mandriva Linux Security Advisory 2009-286 - Multiple overflow vulnerabilities has been found and corrected in ocaml-camlimages. This update fixes these vulnerabilities.
7189e0949df2a4ac282108e7ae86e6dc443133046bf9269368278a08429889c9
Debian Security Advisory 1832-1 - Tielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution.
b156bcfd1cb7f5cfb9cf3849e5419b7247d82fc194a43ba40aef48a67ffbc657
CamlImages versions 2.2 and below suffer from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by PNG image parsing, the read_png_file and read_png_file_as_rgb24 functions do not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability.
6bce357007801b08db39f99787240e44b3e48ab2eb8fd2ac497872dcab4f8b7e