Bug 20673

Summary: CVE-2009-2369 wxWidgets "wxImage::Create()" Integer Overflow Vulnerability
Product: Sisyphus
Reporter: Vladimir Lettiev <crux>
Component: wxGTK
Assignee: Nobody's working on this, feel free to take it <nobody>
Status: CLOSED DUPLICATE
QA Contact: qa-sisyphus
Severity: critical
Priority: P3
CC: boris
Version: unstable
Keywords: security
Hardware: all
OS: Linux
URL: http://secunia.com/advisories/35351/

Description Vladimir Lettiev 2009-07-03 15:29:23 MSD
Tielei Wang has discovered a vulnerability in wxWidgets, which can be exploited by malicious people to potentially compromise a user's system.

The vulnerability is caused due to an integer overflow error within the "wxImage::Create()" function in src/common/image.cpp. This can be exploited to cause a heap-based buffer overflow by tricking a user into opening e.g. a specially crafted JPEG file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 2.8.10. Other versions may also be affected.
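
The bug class described above, shown as an added example that is not part of the original report and is not wxWidgets code: an image buffer size computed from file-supplied dimensions wraps around, so the allocation is far smaller than the pixel data later written into it. The packed 3-bytes-per-pixel layout, the function names and the `MAX_IMAGE_BYTES` cap are assumptions made for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BYTES_PER_PIXEL 3u                  /* assumption: packed RGB buffer */
#define MAX_IMAGE_BYTES ((size_t)INT_MAX)   /* assumption: policy cap on one image */

/* Unchecked size computation in 32-bit arithmetic: the product wraps
 * modulo 2^32, so a huge image yields a small allocation size. */
uint32_t unchecked_image_size(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;
}

/* Checked computation: rejects non-positive dimensions and any size above
 * MAX_IMAGE_BYTES, using division so the test itself cannot overflow.
 * Returns 0 and stores the size on success, -1 on rejection. */
int checked_image_size(int width, int height, size_t *out)
{
    if (width <= 0 || height <= 0)
        return -1;
    size_t w = (size_t)width, h = (size_t)height;
    if (w > MAX_IMAGE_BYTES / BYTES_PER_PIXEL / h)
        return -1;
    *out = w * h * BYTES_PER_PIXEL;
    return 0;
}

/* Allocation wrapper: returns NULL instead of an undersized buffer. */
unsigned char *image_alloc(int width, int height)
{
    size_t n;
    if (checked_image_size(width, height, &n) != 0)
        return NULL;
    return malloc(n);
}

int main(void)
{
    /* Constructed dimensions: 65536 * 21846 * 3 = 2^32 + 131072. */
    printf("unchecked size: %u bytes\n",
           (unsigned)unchecked_image_size(65536u, 21846u));
    unsigned char *p = image_alloc(65536, 21846);
    printf("checked alloc:  %s\n", p ? "allocated" : "rejected");
    free(p);
    return 0;
}
```

The decoder must treat a NULL return as a hard failure and stop before copying any pixel data.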
Comment 1 Boris Savelev 2009-08-21 16:47:43 MSD
> wxGTK-2.8.9-alt2.src.rpm

*** This bug has been marked as a duplicate of bug 20328 ***