CVE-2009-2660

Related Files

Gentoo Linux Security Advisory 201006-2

Posted Jun 2, 2010

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201006-2 - Multiple integer overflows in CamlImages might result in the remote execution of arbitrary code. Tielei Wang reported multiple integer overflows, possibly leading to heap-based buffer overflows in the (1) read_png_file() and read_png_file_as_rgb24() functions, when processing a PNG image (CVE-2009-2295) and (2) gifread.c and jpegread.c files when processing GIF or JPEG images (CVE-2009-2660). Versions less than 3.0.2 are affected.

tags | advisory, remote, overflow, arbitrary

systems | linux, gentoo

advisories | CVE-2009-2295, CVE-2009-2660, CVE-2009-3296

SHA-256 | 1ff36330b25690b14be6cce445be259367ecdd35ac1e820015ce28c6f8e38447

Download | Favorite | View

Debian Linux Security Advisory 1912-2

Posted Oct 26, 2009

Authored by Debian | Site debian.org

Debian Linux Security Advisory 1912-2 - Due to the fact that advi, an active DVI previewer and presenter, statically links against camlimages it was necessary to rebuilt it in order to incorporate the latest security fixes for camlimages, which could lead to integer overflows via specially crafted TIFF files (CVE-2009-3296) or GIFF and JPEG images (CVE-2009-2660).

tags | advisory, overflow

systems | linux, debian

advisories | CVE-2009-3296, CVE-2009-2660

SHA-256 | ba7b34b0bb05be6dd15df8083c54a4d732ff7cd274c08c9d1f9b0cbd29a04c52

Download | Favorite | View

Mandriva Linux Security Advisory 2009-286

Posted Oct 21, 2009

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-286 - Multiple overflow vulnerabilities has been found and corrected in ocaml-camlimages. This update fixes these vulnerabilities.

tags | advisory, overflow, vulnerability

systems | linux, mandriva

advisories | CVE-2009-2295, CVE-2009-2660, CVE-2009-3296

SHA-256 | 7189e0949df2a4ac282108e7ae86e6dc443133046bf9269368278a08429889c9

Download | Favorite | View

Debian Linux Security Advisory 1912-1

Posted Oct 17, 2009

Authored by Debian | Site debian.org

Debian Linux Security Advisory 1912-1 - It was discovered that CamlImages, an open source image processing library, suffers from several integer overflows, which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of TIFF files. It also expands the patch for CVE-2009-2660 to cover another potential overflow in the processing of JPEG images.

tags | advisory, overflow, arbitrary, code execution

systems | linux, debian

advisories | CVE-2009-3296, CVE-2009-2660

SHA-256 | 31731f304b793b7ccbd25713a9ee48a24f72bafd9f3d7d422dc85aaf6032eca5

Download | Favorite | View

Debian Linux Security Advisory 1857-1

Posted Aug 11, 2009

Authored by Debian | Site debian.org

Debian Security Advisory 1857-1 - Tielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of JPEG and GIF Images, while DSA 1832-1 addressed the issue with PNG images.

tags | advisory, overflow, arbitrary, code execution

systems | linux, debian

advisories | CVE-2009-2660

SHA-256 | 1d44415f372b8ae91eb8fbc2d0bd0eba67fd682a311176cb09fa045e50ae05bd

Download | Favorite | View