Vulnerability Details
CamlImages GIF and JPEG Image Parsing Integer Overflow Vulnerability
Vulnerability Summary
CamlImages is an open-source image processing library.
Multiple integer overflow vulnerabilities in CamlImages' gifread.c and jpegread.c can lead to heap overflows. An attacker can trigger the overflow by tricking a user into opening a GIF or JPEG image whose header carries oversized width and height values, resulting in arbitrary code execution.
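The allocation pattern behind this class of bug, beside an overflow-checked replacement, as an added C example for this entry; it is illustrative code, not CamlImages' own gifread.c or jpegread.c, and the function names and the MAX_IMAGE_BYTES limit are assumptions.

```c
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>
#include <stddef.h>

/* Hypothetical policy limit: largest image buffer the decoder will allocate. */
#define MAX_IMAGE_BYTES (256u * 1024u * 1024u)

/* Pattern of the flaw: header-supplied dimensions multiplied in 32-bit
 * arithmetic. The product wraps, so a tiny buffer is allocated for a huge
 * image and the decoder's row writes run past its end (heap overflow). */
uint32_t unchecked_byte_count(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;   /* wraps silently past 2^32 */
}

/* Hardened replacement: reject zero or implausible dimensions and check
 * each multiplication for overflow before allocating. Returns NULL on any
 * failure; *out_size receives the validated byte count on success. */
unsigned char *safe_image_alloc(uint32_t width, uint32_t height, uint32_t bpp,
                                size_t *out_size)
{
    if (width == 0 || height == 0 || bpp == 0 || bpp > 4)
        return NULL;
    size_t pixels = (size_t)width;
    if (pixels > SIZE_MAX / height)      /* width * height would overflow */
        return NULL;
    pixels *= height;
    if (pixels > SIZE_MAX / bpp)         /* pixels * bpp would overflow */
        return NULL;
    size_t bytes = pixels * bpp;
    if (bytes > MAX_IMAGE_BYTES)         /* policy cap on top of overflow check */
        return NULL;
    unsigned char *buf = calloc(1, bytes);
    if (buf != NULL && out_size != NULL)
        *out_size = bytes;
    return buf;
}

int main(void)
{
    /* Constructed header values: 65536 x 65536 x 3 wraps to 0 in 32 bits. */
    printf("unchecked: %u bytes\n", unchecked_byte_count(65536u, 65536u, 3u));
    size_t n = 0;
    unsigned char *p = safe_image_alloc(65536u, 65536u, 3u, &n);
    printf("checked: %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```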
Vulnerability Advisory
The vendor has released an upgrade patch to fix this security issue; please download it from the vendor's homepage:
Debian Linux 4.0 amd64
Debian libcamlimages-ocaml-dev_2.20-8+etch1_amd64.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_amd64.deb
Debian libcamlimages-ocaml-dev_2.20-8+etch2_amd64.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_amd64.deb
Debian libcamlimages-ocaml-dev_2.20-8+etch3_amd64.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_amd64.deb
Debian libcamlimages-ocaml-doc_2.20-8+etch1_all.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch1_all.deb
Debian libcamlimages-ocaml-doc_2.20-8+etch2_all.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch2_all.deb
Debian libcamlimages-ocaml-doc_2.20-8+etch3_all.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch3_all.deb
Debian libcamlimages-ocaml_2.20-8+etch1_amd64.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_amd64.deb
Debian libcamlimages-ocaml_2.20-8+etch2_amd64.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_amd64.deb
Debian libcamlimages-ocaml_2.20-8+etch3_amd64.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_amd64.deb
Debian Linux 4.0 ia-32
Debian libcamlimages-ocaml-dev_2.20-8+etch1_i386.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_i386.deb
Debian libcamlimages-ocaml-dev_2.20-8+etch2_i386.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_i386.deb
Debian libcamlimages-ocaml-dev_2.20-8+etch3_i386.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_i386.deb
Debian libcamlimages-ocaml-doc_2.20-8+etch1_all.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch1_all.deb
Debian libcamlimages-ocaml-doc_2.20-8+etch2_all.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch2_all.deb
Debian libcamlimages-ocaml-doc_2.20-8+etch3_all.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch3_all.deb
Debian libcamlimages-ocaml_2.20-8+etch1_i386.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_i386.deb
Debian libcamlimages-ocaml_2.20-8+etch2_i386.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch2_i386.deb
Debian libcamlimages-ocaml_2.20-8+etch3_i386.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch3_i386.deb
Debian Linux 4.0 arm
Debian libcamlimages-ocaml-dev_2.20-8+etch1_arm.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch1_arm.deb
Debian libcamlimages-ocaml-dev_2.20-8+etch2_arm.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch2_arm.deb
Debian libcamlimages-ocaml-dev_2.20-8+etch3_arm.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-dev_2.20-8+etch3_arm.deb
Debian libcamlimages-ocaml-doc_2.20-8+etch1_all.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch1_all.deb
Debian libcamlimages-ocaml-doc_2.20-8+etch2_all.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch2_all.deb
Debian libcamlimages-ocaml-doc_2.20-8+etch3_all.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml-doc_2.20-8+etch3_all.deb
Debian libcamlimages-ocaml_2.20-8+etch1_arm.deb
http://security.debian.org/pool/updates/main/c/camlimages/libcamlimages-ocaml_2.20-8+etch1_arm.deb
References
Source: bugs.gentoo.org
Link: https://bugs.gentoo.org/show_bug.cgi?id=276235
Source: bugs.gentoo.org
Link: https://bugs.gentoo.org/attachment.cgi?id=199108
Source: XF
Name: camlimages-gifread-jpegread-bo(52649)
Link: http://xforce.iss.net/xforce/xfdb/52649
Source: BID
Name: 35999
Link: http://www.securityfocus.com/bid/35999
Source: MLIST
Name: [oss-security] 20090725 camlimages: Integer overflows in GIF and JPEG readers
Link: http://www.openwall.com/lists/oss-security/2009/07/25/2
Source: DEBIAN
Name: DSA-1912
Link: http://www.debian.org/security/2009/dsa-1912
Source: DEBIAN
Name: DSA-1857
Link: http://www.debian.org/security/2009/dsa-1857
Source: security.debian.org
Link: http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch3.diff.gz
Source: security.debian.org
Link: http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny3.diff.gz
Source: SECUNIA
Name: 37067
Link: http://secunia.com/advisories/37067
Source: camlcvs.inria.fr
Link: http://camlcvs.inria.fr/cgi-bin/cvsweb.cgi/bazar-ocaml/camlimages/src/jpegread.c.diff?r1=1.3;r2=1.4;sortby=date;f=h
Source: bugs.debian.org
Link: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=540146
Source: ftp.debian.org
Link: ftp://ftp.debian.org/debian/pool/main/c/camlimages/camlimages_3.0.1-3.diff.gz
Source: ftp.debian.org
Link: ftp://ftp.debian.org/debian/pool/main/c/camlimages/camlimages_2.20-8+etch2.diff.gz
Source: ftp.debian.org
Link: ftp://ftp.debian.org/debian/pool/main/c/camlimages/camlimages_2.2.0-4+lenny2.diff.gz
Affected Entities
- Jun_furuse Camlimages:2.2
Patch
None available