Credit:
The information has been provided by Tielei Wang.
The original article can be found at: http://www.ocert.org/advisories/ocert-2009-009.html
Vulnerable Systems:
* CamlImages version 2.2 and prior
CVE Information:
CVE-2009-2295
CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. Specific PNG images with large width and height can be crafted to trigger the vulnerability.
Unfortunately, oCERT has been unable to get feedback from the CamlImages maintainers, and the package appears to be unmaintained. It is therefore suggested to avoid using CamlImages in production or in any environment where strong security is needed.
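The defect class behind this advisory, as an added illustration rather than CamlImages' own code: a pixel-buffer size computed from untrusted PNG header fields in 32-bit arithmetic wraps for large dimensions, so the allocation is too small for the data later written into it; the hardened form beside it rejects any product that does not fit in size_t. Function names, the bytes-per-pixel parameter and the sample dimensions are assumptions for the example.

```c
#include <stdint.h>
#include <stdlib.h>

/* Illustrative only (not CamlImages' code): how a pixel-buffer size computed
 * from untrusted PNG header fields (width, height, bytes per pixel) can wrap,
 * and how to compute it safely. */

/* Defect class the advisory describes: the product is formed in 32 bits, so
 * large dimensions wrap to a small value, malloc() gets a tiny buffer and the
 * decoder later writes the full image into it (heap overflow). */
static size_t unchecked_buffer_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    uint32_t bytes = width * height * bpp;   /* 65536*65536*4 wraps to 0 */
    return (size_t)bytes;
}

/* Hardened form: reject zero dimensions and any product that does not fit in
 * size_t. Since pixels <= SIZE_MAX / bpp implies pixels * bpp <= SIZE_MAX,
 * one division-based check covers the final multiply. */
static size_t checked_buffer_size(uint32_t width, uint32_t height, uint32_t bpp)
{
    if (width == 0 || height == 0 || bpp == 0)
        return 0;
    uint64_t pixels = (uint64_t)width * (uint64_t)height; /* cannot wrap in 64 bits */
    if (pixels > (uint64_t)SIZE_MAX / bpp)
        return 0;                                         /* would overflow: reject */
    return (size_t)(pixels * bpp);
}

/* Allocate with the checked size; returns NULL when the header is unsafe. */
static unsigned char *alloc_pixels(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t size = checked_buffer_size(width, height, bpp);
    return size ? (unsigned char *)malloc(size) : NULL;
}

/* Returns 1 if a buffer for the given header values could be allocated. */
static int header_is_allocatable(uint32_t width, uint32_t height, uint32_t bpp)
{
    unsigned char *p = alloc_pixels(width, height, bpp);
    if (!p)
        return 0;
    free(p);
    return 1;
}
```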
Disclosure Timeline:
2009-05-21: vulnerability report received
2009-05-21: contacted camlimages maintainers
2009-06-30: due to lack of feedback oCERT asks reporter to disclose the issue
2009-07-01: reporter agrees to disclosure
2009-07-02: advisory release