
CVE-2009-3296

Status Candidate

Overview

Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows.

Related Files

Gentoo Linux Security Advisory 201006-2
Posted Jun 2, 2010
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201006-2 - Multiple integer overflows in CamlImages might result in the remote execution of arbitrary code. Tielei Wang reported multiple integer overflows, possibly leading to heap-based buffer overflows in the (1) read_png_file() and read_png_file_as_rgb24() functions, when processing a PNG image (CVE-2009-2295) and (2) gifread.c and jpegread.c files when processing GIF or JPEG images (CVE-2009-2660). Versions less than 3.0.2 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2009-2295, CVE-2009-2660, CVE-2009-3296
SHA-256 | 1ff36330b25690b14be6cce445be259367ecdd35ac1e820015ce28c6f8e38447
Debian Linux Security Advisory 1912-2
Posted Oct 26, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1912-2 - Due to the fact that advi, an active DVI previewer and presenter, statically links against camlimages, it was necessary to rebuild it in order to incorporate the latest security fixes for camlimages, which could lead to integer overflows via specially crafted TIFF files (CVE-2009-3296) or GIF and JPEG images (CVE-2009-2660).

tags | advisory, overflow
systems | linux, debian
advisories | CVE-2009-3296, CVE-2009-2660
SHA-256 | ba7b34b0bb05be6dd15df8083c54a4d732ff7cd274c08c9d1f9b0cbd29a04c52
Mandriva Linux Security Advisory 2009-286
Posted Oct 21, 2009
Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2009-286 - Multiple overflow vulnerabilities have been found and corrected in ocaml-camlimages. This update fixes these vulnerabilities.

tags | advisory, overflow, vulnerability
systems | linux, mandriva
advisories | CVE-2009-2295, CVE-2009-2660, CVE-2009-3296
SHA-256 | 7189e0949df2a4ac282108e7ae86e6dc443133046bf9269368278a08429889c9
Debian Linux Security Advisory 1912-1
Posted Oct 17, 2009
Authored by Debian | Site debian.org

Debian Linux Security Advisory 1912-1 - It was discovered that CamlImages, an open source image processing library, suffers from several integer overflows, which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of TIFF files. It also expands the patch for CVE-2009-2660 to cover another potential overflow in the processing of JPEG images.

tags | advisory, overflow, arbitrary, code execution
systems | linux, debian
advisories | CVE-2009-3296, CVE-2009-2660
SHA-256 | 31731f304b793b7ccbd25713a9ee48a24f72bafd9f3d7d422dc85aaf6032eca5

© 2022 Packet Storm. All rights reserved.