Bug 20680 - CVE-2009-2294 Dillo integer overflow
Summary: CVE-2009-2294 Dillo integer overflow
Status: CLOSED FIXED
Alias: None
Product: Sisyphus
Classification: Development
Component: dillo
Version: unstable
Hardware: all Linux
: P3 critical
Assignee: Nikolay A. Fetisov
QA Contact: qa-sisyphus
URL: http://www.ocert.org/advisories/ocert...
Keywords: security
Depends on:
Blocks:
 
Reported: 2009-07-04 11:22 MSD by Vladimir Lettiev
Modified: 2009-07-06 09:52 MSD
Description Vladimir Lettiev 2009-07-04 11:22:40 MSD
Dillo, an open source graphical web browser, suffers from an integer overflow which may lead to a potentially exploitable heap overflow and result in arbitrary code execution.

The vulnerability is triggered by HTML pages with embedded PNG images; the Png_datainfo_callback function does not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability.

Fixed in version 2.1.1
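
The missing width and height validation described above, shown as an added example; it is not Dillo's code and not part of the original report. It contrasts a 32-bit size computation that wraps with a bounds-checked one. The function names and the `MAX_IMAGE_PIXELS` cap are hypothetical, chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical cap on decoded image area; not a value taken from Dillo. */
#define MAX_IMAGE_PIXELS (64u * 1024u * 1024u)

/* Unchecked: 32-bit unsigned arithmetic wraps silently, so the result can be
 * far smaller than the number of bytes the decoder will later write. */
uint32_t unchecked_buffer_size(uint32_t width, uint32_t height, uint32_t channels)
{
    return width * height * channels;
}

/* Checked: returns 0 and stores the byte count in *out, or returns -1 when
 * the header dimensions must be rejected before any allocation happens. */
int checked_buffer_size(uint32_t width, uint32_t height, uint32_t channels,
                        size_t *out)
{
    if (width == 0 || height == 0 || channels == 0 || channels > 4)
        return -1;
    /* Division form: the comparison itself cannot overflow. */
    if (width > MAX_IMAGE_PIXELS / height)
        return -1;
    /* pixels <= 2^26 and channels <= 4, so bytes <= 2^28: no wrap in 64 bits
     * and the value fits a 32-bit size_t (assumed minimum here). */
    uint64_t bytes = (uint64_t)width * height * channels;
    *out = (size_t)bytes;
    return 0;
}

int main(void)
{
    /* Constructed sample dimensions, as they would be read from a PNG header. */
    uint32_t w = 65537u, h = 65536u, ch = 4u;
    size_t n = 0;

    printf("true size:      %llu bytes\n", (unsigned long long)w * h * ch);
    printf("unchecked size: %u bytes\n", unchecked_buffer_size(w, h, ch));
    if (checked_buffer_size(w, h, ch, &n) != 0)
        printf("checked: dimensions rejected, nothing allocated\n");
    return 0;
}
```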
Comment 1 Repository Robot 2009-07-06 03:07:59 MSD
dillo-0.8.6-alt6 -> sisyphus:

* Sun Jul 05 2009 Nikolay A. Fetisov <naf@altlinux> 0.8.6-alt6

- Security fix (CVE-2009-2294) (Closes: 20680)
Comment 2 Nikolay A. Fetisov 2009-07-06 09:52:25 MSD
Closed in 0.8.6-alt6, 0.8.6-alt5.M50.1, 0.8.6-alt5.M41.1, 0.8.6-alt5.M40.1.