334101 – (CVE-2010-1526) <dev-dotnet/libgdiplus-2.6.7-r1: Multiple Integer Overflow Vulnerabilities (CVE-2010-1526)

Bug 334101 (CVE-2010-1526) - <dev-dotnet/libgdiplus-2.6.7-r1: Multiple Integer Overflow Vulnerabilities (CVE-2010-1526)

Summary: <dev-dotnet/libgdiplus-2.6.7-r1: Multiple Integer Overflow Vulnerabilities (C...

Status:	RESOLVED FIXED

Alias:	CVE-2010-1526

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal
Assignee:	Gentoo Security

URL:
Whiteboard:	B2 [glsa]
Keywords:

Depends on:
Blocks:

Reported:	2010-08-23 16:55 UTC by Tim Sammut (RETIRED)
Modified:	2014-01-05 02:09 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Tim Sammut (RETIRED) gentoo-dev

2010-08-23 16:55:03 UTC

From: http://secunia.com/secunia_research/2010-102/

Secunia Research has discovered three vulnerabilities in libgdiplus 
for Mono, which can be exploited by malicious people to compromise an
application using the library.

1) An integer overflow error within the "gdip_load_tiff_image()" 
function in src/tiffcodec.c can be exploited to cause a heap-based 
buffer overflow by e.g. processing specially crafted TIFF images in 
an application using the library.

2) An integer overflow error within the 
"gdip_load_jpeg_image_internal()" function in src/jpegcodec.c can be 
exploited to cause a heap-based buffer overflow by e.g. processing 
specially crafted JPEG images in an application using the library.

3) An integer overflow error within the "gdip_read_bmp_image()"
function in src/bmpcodec.c can be exploited to cause a heap-based 
buffer overflow by e.g. processing specially crafted BMP images in an 
application using the library.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2010-09-01 20:05:44 UTC

CVE-2010-1526 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-1526):
  Multiple integer overflows in libgdiplus 2.6.7, as used in Mono,
  allow attackers to execute arbitrary code via (1) a crafted TIFF
  file, related to the gdip_load_tiff_image function in tiffcodec.c;
  (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal
  function in jpegcodec.c; or (3) a crafted BMP file, related to the
  gdip_read_bmp_image function in bmpcodec.c, leading to heap-based
  buffer overflows.

Comment 2 Pacho Ramos gentoo-dev

2010-09-07 21:57:42 UTC

+*libgdiplus-2.6.7-r1 (07 Sep 2010)
+
+  07 Sep 2010; Pacho Ramos <pacho@gentoo.org> +libgdiplus-2.6.7-r1.ebuild,
+  +files/libgdiplus-2.6.7-fix-overflows.patch:
+  Fix Multiple Integer Overflow Vulnerabilities (CVE-2010-1526) (bug
+  #334101) applying upstream patch also used in Fedora.

Maybe it should be installed with the rest of mono-2.6.7 :-/

Comment 3 Tim Sammut (RETIRED) gentoo-dev

2010-09-09 00:06:54 UTC

Arches, please test and mark stable:
=dev-dotnet/libgdiplus-2.6.7-r1
Target keywords : "amd64 ppc x86"

Comment 4 Christian Faulhammer (RETIRED) gentoo-dev

2010-09-09 17:02:27 UTC

x86 stable

Comment 5 Markos Chandras (RETIRED) gentoo-dev

2010-09-10 10:52:18 UTC

amd64 done

Comment 6 Joe Jezak (RETIRED) gentoo-dev

2010-09-12 14:08:50 UTC

Marked ppc stable.

Comment 7 Tim Sammut (RETIRED) gentoo-dev

2010-10-01 04:20:29 UTC

GLSA request filed.

Comment 8 GLSAMaker/CVETool Bot gentoo-dev

2014-01-05 02:09:19 UTC

This issue was resolved and addressed in
 GLSA 201401-01 at http://security.gentoo.org/glsa/glsa-201401-01.xml
by GLSA coordinator Chris Reffett (creffett).