Bug 20680

Summary: CVE-2009-2294 Dillo integer overflow
Product: Sisyphus Reporter: Vladimir Lettiev <crux>
Component: dilloAssignee: Ivan A. Melnikov <iv>
Status: CLOSED FIXED QA Contact: qa-sisyphus
Severity: critical    
Priority: P3 CC: iv
Version: unstableKeywords: security
Hardware: all   
OS: Linux   
URL: http://www.ocert.org/advisories/ocert-2009-008.html

Description Vladimir Lettiev 2009-07-04 11:22:40 MSD 
Dillo, an open source graphical web browser, suffers from an integer overflow which may lead to a potentially exploitable heap overflow and result in arbitrary code execution.

The vulnerability is triggered by HTML pages with embedded PNG images, the Png_datainfo_callback function does not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability.

Fixed in version 2.1.1
Comment 1 Repository Robot 2009-07-06 03:07:59 MSD 
dillo-0.8.6-alt6 -> sisyphus:

* Sun Jul 05 2009 Nikolay A. Fetisov <naf@altlinux> 0.8.6-alt6

- Security fix (CVE-2009-2294) (Closes: 20680)
Comment 2 Nikolay A. Fetisov 2009-07-06 09:52:25 MSD 
Закрыто в 0.8.6-alt6, 0.8.6-alt5.M50.1, 0.8.6-alt5.M41.1 0.8.6-alt5.M40.1.