
Bug 334101 (CVE-2010-1526)

Summary: <dev-dotnet/libgdiplus-2.6.7-r1: Multiple Integer Overflow Vulnerabilities (CVE-2010-1526)
Product: Gentoo Security
Reporter: Tim Sammut (RETIRED) <underling>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: normal
CC: dotnet+disabled
Priority: High
Version: unspecified
Hardware: All
OS: Linux
Whiteboard: B2 [glsa]
Package list:
Runtime testing required: ---

Description Tim Sammut (RETIRED) gentoo-dev 2010-08-23 16:55:03 UTC
From: http://secunia.com/secunia_research/2010-102/

Secunia Research has discovered three vulnerabilities in libgdiplus 
for Mono, which can be exploited by malicious people to compromise an
application using the library.

1) An integer overflow error within the "gdip_load_tiff_image()" 
function in src/tiffcodec.c can be exploited to cause a heap-based 
buffer overflow by e.g. processing specially crafted TIFF images in 
an application using the library.

2) An integer overflow error within the 
"gdip_load_jpeg_image_internal()" function in src/jpegcodec.c can be 
exploited to cause a heap-based buffer overflow by e.g. processing 
specially crafted JPEG images in an application using the library.

3) An integer overflow error within the "gdip_read_bmp_image()"
function in src/bmpcodec.c can be exploited to cause a heap-based 
buffer overflow by e.g. processing specially crafted BMP images in an 
application using the library.
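
The bug class named in all three items, shown as an added example that is not libgdiplus code and not the upstream patch: a pixel-buffer size computed in 32-bit arithmetic wraps to a small value, next to a checked version that rejects the header before allocating. The advisory does not show the affected arithmetic, so the function names, the 4 bytes per pixel and the 256 MiB cap are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumptions for this illustration (not taken from libgdiplus). */
#define BYTES_PER_PIXEL 4u
#define MAX_IMAGE_BYTES (256u * 1024u * 1024u)  /* constructed policy cap */

/* Size computed in 32-bit arithmetic: the product wraps modulo 2^32. */
uint32_t unchecked_size(uint32_t width, uint32_t height)
{
    return width * height * BYTES_PER_PIXEL;
}

/* Same computation, widened to 64 bits and bounded before multiplying.
 * Returns 0 and stores the size in *out, or -1 if the header is rejected. */
int checked_size(uint32_t width, uint32_t height, size_t *out)
{
    if (width == 0 || height == 0)
        return -1;
    uint64_t stride = (uint64_t)width * BYTES_PER_PIXEL; /* < 2^34, no wrap */
    if (height > MAX_IMAGE_BYTES / stride)               /* total over the cap */
        return -1;
    *out = (size_t)(stride * height);
    return 0;
}

/* Allocate the pixel buffer only when the size check passes. */
unsigned char *alloc_pixels(uint32_t width, uint32_t height, size_t *size)
{
    if (checked_size(width, height, size) != 0)
        return NULL;
    return calloc(1, *size);
}

int main(void)
{
    /* Constructed header values: the true size is 4295229440 bytes. */
    uint32_t w = 65536u, h = 16385u;
    size_t n = 0;
    printf("unchecked: %u bytes\n", (unsigned)unchecked_size(w, h));
    printf("checked:   %s\n", checked_size(w, h, &n) == 0 ? "accepted" : "rejected");
    return 0;
}
```

A decoder that allocates the wrapped size and then writes width x height pixels runs past the end of the heap block, which is the heap-based buffer overflow the advisory describes.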

Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2010-09-01 20:05:44 UTC
CVE-2010-1526 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1526):
  Multiple integer overflows in libgdiplus 2.6.7, as used in Mono,
  allow attackers to execute arbitrary code via (1) a crafted TIFF
  file, related to the gdip_load_tiff_image function in tiffcodec.c;
  (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal
  function in jpegcodec.c; or (3) a crafted BMP file, related to the
  gdip_read_bmp_image function in bmpcodec.c, leading to heap-based
  buffer overflows.

Comment 2 Pacho Ramos gentoo-dev 2010-09-07 21:57:42 UTC
+*libgdiplus-2.6.7-r1 (07 Sep 2010)
+
+  07 Sep 2010; Pacho Ramos <pacho@gentoo.org> +libgdiplus-2.6.7-r1.ebuild,
+  +files/libgdiplus-2.6.7-fix-overflows.patch:
+  Fix Multiple Integer Overflow Vulnerabilities (CVE-2010-1526) (bug
+  #334101) applying upstream patch also used in Fedora.
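Review bot: The ChangeLog entry says only "applying upstream patch also used in Fedora" and gives no upstream revision or URL for files/libgdiplus-2.6.7-fix-overflows.patch, so the origin of the patch cannot be checked from this entry; consider citing the upstream commit or the Fedora package it was taken from. The entry also names only the CVE, so stating that the patch covers the TIFF, JPEG and BMP loaders listed in this bug would make its scope clear.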

Maybe it should be installed with the rest of mono-2.6.7 :-/

Comment 3 Tim Sammut (RETIRED) gentoo-dev 2010-09-09 00:06:54 UTC
Arches, please test and mark stable:
=dev-dotnet/libgdiplus-2.6.7-r1
Target keywords : "amd64 ppc x86"

Comment 4 Christian Faulhammer (RETIRED) gentoo-dev 2010-09-09 17:02:27 UTC
x86 stable

Comment 5 Markos Chandras (RETIRED) gentoo-dev 2010-09-10 10:52:18 UTC
amd64 done

Comment 6 Joe Jezak (RETIRED) gentoo-dev 2010-09-12 14:08:50 UTC
Marked ppc stable.

Comment 7 Tim Sammut (RETIRED) gentoo-dev 2010-10-01 04:20:29 UTC
GLSA request filed.

Comment 8 GLSAMaker/CVETool Bot gentoo-dev 2014-01-05 02:09:19 UTC
This issue was resolved and addressed in
 GLSA 201401-01 at http://security.gentoo.org/glsa/glsa-201401-01.xml
by GLSA coordinator Chris Reffett (creffett).