[Secure-testing-team] Bug#584933: CVE-2010-1513
Moritz Muehlenhoff
jmm at debian.org
Mon Jun 7 16:18:53 UTC 2010
Package: ziproxy
Severity: grave
Tags: security
Hi,
the following security issue has been reported against ziproxy:
CVE-2010-1513
Multiple integer overflows in src/image.c in Ziproxy before 3.0.1
allow remote attackers to execute arbitrary code via (1) a large JPG
image, related to the jpg2bitmap function or (2) a large PNG image,
related to the png2bitmap function, leading to heap-based buffer
overflows.
This is fixed in 3.0.1.
Cheers,
Moritz
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=de_DE.ISO-8859-15 at euro (charmap=ISO-8859-15)
Shell: /bin/sh linked to /bin/bash
Versions of packages ziproxy depends on:
ii libc6 2.10.2-9 Embedded GNU C Library: Shared lib
ii libgif4 4.1.6-9 library for GIF images (library)
ii libjasper1 1.900.1-7 The JasPer JPEG-2000 runtime libra
ii libjpeg62 6b-16.1 The Independent JPEG Group's JPEG
ii libpng12-0 1.2.43-1 PNG library - runtime
ii zlib1g 1:1.2.3.4.dfsg-3 compression library - runtime
ziproxy recommends no packages.
ziproxy suggests no packages.
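Added example to illustrate the bug class named in the CVE text above; it is not ziproxy's src/image.c and the function names, the 256 MiB cap and the sample header values are assumptions. It shows a decoded-image size computed with wrapping 32-bit arithmetic beside an overflow-checked version that a decoder would run before the heap allocation.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper names; none of this is ziproxy's own code.
 * The bug class: width * height * bytes-per-pixel computed in 32-bit
 * arithmetic wraps silently, so a huge image header can yield a small
 * number and therefore a heap buffer that is far too small. */
uint32_t naive_bitmap_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;   /* wraps modulo 2^32 */
}

/* Hardened form: every multiplication is checked against a caller-supplied
 * cap (max_bytes) before it is performed, so the product can neither wrap
 * nor exceed what the decoder is willing to allocate. Returns 0 on any
 * failure (zero dimension, overflow, or cap exceeded). */
size_t checked_bitmap_size(uint32_t width, uint32_t height, uint32_t bpp,
                           size_t max_bytes)
{
    if (width == 0 || height == 0 || bpp == 0 || max_bytes == 0)
        return 0;
    /* width * height <= max_bytes  <=>  width <= max_bytes / height */
    if ((size_t)width > max_bytes / height)
        return 0;
    size_t pixels = (size_t)width * height;
    if (pixels > max_bytes / bpp)
        return 0;
    return pixels * bpp;
}

/* Allocate the raw bitmap only after the size has been validated. */
unsigned char *alloc_bitmap(uint32_t width, uint32_t height, uint32_t bpp,
                            size_t max_bytes)
{
    size_t n = checked_bitmap_size(width, height, bpp, max_bytes);
    if (n == 0)
        return NULL;               /* reject the image instead of trusting it */
    return calloc(n, 1);
}

int main(void)
{
    const size_t cap = (size_t)256 << 20;   /* 256 MiB, a constructed limit */
    /* Constructed 65536 x 65536 x 3 header: the naive product wraps to 0. */
    printf("naive:   %" PRIu32 "\n", naive_bitmap_size(65536, 65536, 3));
    printf("checked: %zu\n", checked_bitmap_size(65536, 65536, 3, cap));
    printf("640x480: %zu\n", checked_bitmap_size(640, 480, 3, cap));
    return 0;
}
```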