24399 2010-10-23 21:02:06 +0400 CVE-2010-1526: Mono libgdiplus Image Processing Integer Overflow Vulnerabilities 2011-03-14 14:17:35 +0300 1 1 4 Development Sisyphus libgdiplus unstable all Linux CLOSED FIXED http://secunia.com/advisories/40792 security P3 blocker --- 1 crux rider protvin rider qa-sisyphus oldest_to_newest 114186 0 crux 2010-10-23 21:02:06 +0400 1) An integer overflow error within the "gdip_load_tiff_image()" function in src/tiffcodec.c can be exploited to cause a heap-based buffer overflow by e.g. processing specially crafted TIFF images in an application using the library. 2) An integer overflow error within the "gdip_load_jpeg_image_internal()" function in src/jpegcodec.c can be exploited to cause a heap-based buffer overflow by e.g. processing specially crafted JPEG images in an application using the library. 3) An integer overflow error within the "gdip_read_bmp_image()" function in src/bmpcodec.c can be exploited to cause a heap-based buffer overflow by e.g. processing specially crafted BMP images in an application using the library. The vulnerabilities are confirmed in version 2.6.7. Other versions may also be affected. Fixed in git: http://github.com/mono/libgdiplus/commit/6779fbf994d5270720ccb1687ba8b004e20a1821 119223 1 repository-robot 2011-03-14 14:17:35 +0300 libgdiplus-2.6.7-alt2 -> sisyphus: * Mon Mar 14 2011 Alexey Shabalin <shaba@altlinux> 2.6.7-alt2 - snapshot of 2.6 branch (20101015) - fixed CVE-2010-1526 (ALT #24399)