diff options
author | Lars Balker Rasmussen <lbr@FreeBSD.org> | 2007-04-30 17:51:53 +0000 |
---|---|---|
committer | Lars Balker Rasmussen <lbr@FreeBSD.org> | 2007-04-30 17:51:53 +0000 |
commit | 77e127836aa497e4cc8f40ed79adda9f7a01440f (patch) | |
tree | 65857104d93d2b1e831a0e839131c6e9f7c0a7af /security/vuxml | |
parent | 98786cd7776b663653d66e8e400143e11e11cf35 (diff) |
Update to 0.57 - fixes possible overflow vulnerability regarding malformed
BMPs, see vuln.xml for details.
Security: VuXML ID: 632c98be-aad2-4af2-849f-41a6862afd6a
Notes
Notes:
svn path=/head/; revision=191218
Diffstat (limited to 'security/vuxml')
-rw-r--r-- | security/vuxml/vuln.xml | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 758ce0bb7d29..ebf2fab4b811 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,39 @@ Note: Please add new entries to the beginning of this file. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="632c98be-aad2-4af2-849f-41a6862afd6a"> + <topic>p5-Imager - possibly exploitable buffer overflow</topic> + <affects> + <package> + <name>p5-Imager</name> + <range><lt>0.57</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description</h1> + <p>Imager 0.56 and all earlier versions with BMP support have + security issue when reading compressed 8-bit per pixel BMP + files where either a compressed run of data or a literal run + of data overflows the scan-line.</p> + <p>Such an overflow causes a buffer overflow in a malloc() + allocated memory buffer, possibly corrupting the memory arena + headers.</p> + <p>The effect depends on your system memory allocator, with glibc + this typically results in an abort, but with other memory + allocators it may be possible to cause local code execution.</p> + </body> + </description> + <references> + <url>https://rt.cpan.org/Public/Bug/Display.html?id=26811</url> + <url>http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html</url> + </references> + <dates> + <discovery>2007-04-04</discovery> + <entry>2007-04-30</entry> + </dates> + </vuln> + <vuln vid="275b845e-f56c-11db-8163-000e0c2e438a"> <topic>FreeBSD -- IPv6 Routing Header 0 is dangerous</topic> <affects> |