CVE-2009-2295 - Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to

CVE-2009-2295

Summary

Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24 function.

References

http://secunia.com/advisories/35819
http://www.debian.org/security/2009/dsa-1832
http://www.ocert.org/advisories/ocert-2009-009.html
http://www.securityfocus.com/archive/1/504696/100/0/threaded
http://www.securityfocus.com/bid/35556
http://www.vupen.com/english/advisories/2009/1874

Vulnerable Configurations

cpe:2.3:a:jun_furuse:camlimages:*:*:*:*:*:*:*:*
cpe:2.3:a:jun_furuse:camlimages:*:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 10-10-2018 - 19:39)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	35556
bugtraq	20090702 [oCERT-2009-009] CamlImages integer overflows
debian	DSA-1832
misc	http://www.ocert.org/advisories/ocert-2009-009.html
secunia	35819
vupen	ADV-2009-1874

Last major update

10-10-2018 - 19:39

Published

05-07-2009 - 16:30

Last modified

10-10-2018 - 19:39