Date: Sat, 25 Jul 2009 14:24:01 +0200
From: Robert Buchholz <>
Cc: Andrea Barisani <>,
Subject: camlimages: Integer overflows in GIF and JPEG readers


oCERT reported integer overflows in camlimages when reading PNG images 
earlier this month (oCERT-2009-009), CVE-2009-2295 was assigned.

Upstream has since incorporated the RedHat patch into their CVS:

They also fixed similar integer overflows in gifread.c and jpegread.c 
for values that are used in memory allocations and memcpy().
At least Debian used the existing CVE identifier only for the PNG 
vulnerabilities, so a new identifier might be needed.

A stripped down [by Alexis Ballier] version of the patch is in our BZ:


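The bug class described in this post (a header-supplied width, height or component count multiplied into a size that feeds malloc() and a later memcpy()) is worth seeing in code. The following is an added illustration, not code from camlimages or from the patches the post refers to: the function names, the 4-byte-per-pixel limit and the MAX_IMAGE_DIM cap are assumptions for the example, and the header values in main() are constructed. It places a naive 32-bit size computation next to an overflow-checked one so the wraparound is visible.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Illustrative dimension cap (an assumption for this example, not a value
 * taken from camlimages or any image format specification). */
#define MAX_IMAGE_DIM 65536u

/* Naive size computation in 32-bit arithmetic: width * height * bpp wraps
 * silently once the product exceeds UINT32_MAX. The resulting allocation is
 * far smaller than the pixel data a decoder will then copy into it. */
uint32_t naive_pixel_bytes(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Overflow-checked size computation: each multiplication is tested against
 * SIZE_MAX before it is performed, so a header with absurd dimensions is
 * rejected instead of producing a wrapped product. Returns true and stores
 * the byte count in *out on success, false on zero or overflowing input. */
bool checked_pixel_bytes(size_t width, size_t height, size_t bpp, size_t *out)
{
    if (width == 0 || height == 0 || bpp == 0)
        return false;
    if (width > SIZE_MAX / height)
        return false;
    size_t area = width * height;
    if (area > SIZE_MAX / bpp)
        return false;
    *out = area * bpp;
    return true;
}

/* Convenience wrapper for callers that only need a size or a failure
 * marker: returns the byte count, or 0 when the input is rejected. */
size_t checked_pixel_bytes_or_zero(size_t width, size_t height, size_t bpp)
{
    size_t n = 0;
    return checked_pixel_bytes(width, height, bpp, &n) ? n : 0;
}

/* Allocate a pixel buffer for header-supplied dimensions. Combines the
 * overflow check with a sanity cap on the dimensions themselves, so both
 * wrapped products and merely enormous requests are refused up front. */
unsigned char *alloc_pixel_buffer(size_t width, size_t height, size_t bpp)
{
    size_t nbytes;
    if (width > MAX_IMAGE_DIM || height > MAX_IMAGE_DIM || bpp > 4)
        return NULL;
    if (!checked_pixel_bytes(width, height, bpp, &nbytes))
        return NULL;
    return malloc(nbytes);
}

/* Reports whether the allocation for the given header succeeds, freeing
 * the buffer again; useful for checking the policy without leaking. */
bool alloc_pixel_buffer_ok(size_t width, size_t height, size_t bpp)
{
    unsigned char *buf = alloc_pixel_buffer(width, height, bpp);
    if (buf == NULL)
        return false;
    free(buf);
    return true;
}

int main(void)
{
    /* Constructed header values: a plausible image, and one whose 32-bit
     * product wraps to zero in the naive computation. */
    printf("640x480x3 naive      = %u\n", naive_pixel_bytes(640, 480, 3));
    printf("65536x65536x1 naive  = %u (wrapped)\n",
           naive_pixel_bytes(65536u, 65536u, 1));
    printf("640x480x3 checked    = %zu\n",
           checked_pixel_bytes_or_zero(640, 480, 3));
    printf("huge checked         = %zu (rejected)\n",
           checked_pixel_bytes_or_zero(SIZE_MAX / 2, 4, 1));
    printf("alloc 100000x1x1     = %s\n",
           alloc_pixel_buffer_ok(100000, 1, 1) ? "ok" : "refused by cap");
    return 0;
}
```

The division-based check is the portable form that needs no compiler builtins; where available, __builtin_mul_overflow() expresses the same intent in one call. The dimension cap is a separate, deliberate policy: it rejects inputs that would pass the arithmetic check yet still exhaust memory.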
