Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2009-2295
Last Modified 07 Jul 2009 12:00:00
Published 05 Jul 2009 12:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2295

Summary

Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24 function.

Vulnerable Systems

Application

  • Jun Furuse Camlimages 2.2


References

VUPEN - ADV-2009-1874

BID - 35556

BUGTRAQ - 20090702 [oCERT-2009-009] CamlImages integer overflows

MISC - http://www.ocert.org/advisories/ocert-2009-009.html

DEBIAN - DSA-1832

SECUNIA - 35819


Last Updated: 27 May 2016 10:50:50