Bug 20673 - CVE-2009-2369 wxWidgets "wxImage::Create()" Integer Overflow Vulnerability
Status: CLOSED DUPLICATE of bug 20328
Alias: None
Product: Sisyphus
Classification: Development
Component: wxGTK
Version: unstable
Hardware: all Linux
Importance: P3 critical
Assignee: Nobody's working on this, feel free to take it
QA Contact: qa-sisyphus
URL: http://secunia.com/advisories/35351/
Keywords: security
Depends on:
Blocks:
 
Reported: 2009-07-03 15:29 MSD by Vladimir Lettiev
Modified: 2009-08-21 16:47 MSD

Description Vladimir Lettiev 2009-07-03 15:29:23 MSD
Tielei Wang has discovered a vulnerability in wxWidgets, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to an integer overflow error within the "wxImage::Create()" function in src/common/image.cpp. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening e.g. a specially crafted JPEG file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 2.8.10. Other versions may also be affected.
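
Added example, not part of the original report and not the wxWidgets code or its patch: the bug class described above, where an image buffer size computed from attacker-controlled dimensions wraps around, shown next to a size computation that rejects such dimensions. The 3-bytes-per-pixel layout, the function names, the `INT_MAX` cap and the sample dimensions are assumptions made for this illustration.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumption for this example: 3 bytes (R, G, B) per pixel. */
#define BYTES_PER_PIXEL 3u

/* Unchecked form. uint32_t is used so the wraparound is well defined here;
 * with signed int operands the same overflow is undefined behaviour. */
static uint32_t unchecked_rgb_size(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;   /* wraps modulo 2^32 */
}

/* Checked form: returns 0 and stores the byte count, or -1 if a dimension is
 * not positive or the total exceeds INT_MAX (cap chosen for this example). */
static int checked_rgb_size(int width, int height, size_t *out)
{
    if (width <= 0 || height <= 0)
        return -1;
    /* Both factors are below 2^31, so the 64-bit product cannot wrap. */
    uint64_t total = (uint64_t)width * (uint64_t)height * BYTES_PER_PIXEL;
    if (total > (uint64_t)INT_MAX)
        return -1;
    *out = (size_t)total;
    return 0;
}

/* Hypothetical allocation wrapper: refuses oversized images, never under-allocates. */
static unsigned char *alloc_rgb(int width, int height)
{
    size_t n;
    if (checked_rgb_size(width, height, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed dimensions: 65536 * 21846 * 3 = 2^32 + 131072. */
    printf("unchecked: %u bytes\n", (unsigned)unchecked_rgb_size(65536u, 21846u));
    unsigned char *p = alloc_rgb(65536, 21846);
    printf("checked:   %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

With the unchecked computation the buffer would be 131072 bytes while the decoder goes on to write roughly 4 GiB of pixel data, which is the heap overflow condition; the checked form fails the allocation instead.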
Comment 1 Boris Savelev 2009-08-21 16:47:43 MSD
> wxGTK-2.8.9-alt2.src.rpm

*** This bug has been marked as a duplicate of bug 20328 ***