Vulnerabilities > CVE-2009-2295 - Numeric Errors vulnerability in JUN Furuse Camlimages
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24 function.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2009-7494.NASL description This update fixes : - Bug #509531 - CVE-2009-2295 ocaml-camlimages: PNG reader multiple integer overflows (oCERT-2009-009) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40580 published 2009-08-13 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40580 title Fedora 11 : ocaml-camlimages-3.0.1-7.fc11.2 (2009-7494) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2009-7494. # include("compat.inc"); if (description) { script_id(40580); script_version ("1.14"); script_cvs_date("Date: 2019/08/02 13:32:30"); script_cve_id("CVE-2009-2295"); script_bugtraq_id(35556); script_xref(name:"FEDORA", value:"2009-7494"); script_name(english:"Fedora 11 : ocaml-camlimages-3.0.1-7.fc11.2 (2009-7494)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "This update fixes : - Bug #509531 - CVE-2009-2295 ocaml-camlimages: PNG reader multiple integer overflows (oCERT-2009-009) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=509531" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-August/027823.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?369de8cb" ); script_set_attribute( attribute:"solution", value:"Update the affected ocaml-camlimages package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ocaml-camlimages"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11"); script_set_attribute(attribute:"patch_publication_date", value:"2009/07/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/08/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC11", reference:"ocaml-camlimages-3.0.1-7.fc11.2")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ocaml-camlimages"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1832.NASL description Tielei Wang discovered that CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. last seen 2020-06-01 modified 2020-06-02 plugin id 44697 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44697 title Debian DSA-1832-1 : camlimages - integer overflow NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201006-02.NASL description The remote host is affected by the vulnerability described in GLSA-201006-02 (CamlImages: User-assisted execution of arbitrary code) Tielei Wang reported multiple integer overflows, possibly leading to heap-based buffer overflows in the (1) read_png_file() and read_png_file_as_rgb24() functions, when processing a PNG image (CVE-2009-2295) and (2) gifread.c and jpegread.c files when processing GIF or JPEG images (CVE-2009-2660). Other integer overflows were also found in tiffread.c (CVE-2009-3296). Impact : A remote attacker could entice a user to open a specially crafted, overly large PNG, GIF, TIFF, or JPEG image using an application that uses the CamlImages library, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 46769 published 2010-06-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/46769 title GLSA-201006-02 : CamlImages: User-assisted execution of arbitrary code NASL family Fedora Local Security Checks NASL id FEDORA_2009-7491.NASL description - Fri Jul 3 2009 Richard W.M. Jones <rjones at redhat.com> - 3.0.1-3.fc10.2 - ocaml-camlimages: PNG reader multiple integer overflows (CVE-2009-2295 / RHBZ#509531). - Mon Nov 3 2008 Richard W.M. Jones <rjones at redhat.com> - 3.0.1-3 - +BR gtk2-devel. - +BR ocaml-x11. - Mon Nov 3 2008 Richard W.M. Jones <rjones at redhat.com> - 3.0.1-1 - Home page moved (fixes rhbz 468158). - New upstream version 3.0.1 and multiple build fixes for this. - License is really LGPLv2 with the OCaml linking exception. - Removed the DESTDIR patch. - Build tiff support. - Run it through rpmlint and fix all problems. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 40948 published 2009-09-14 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/40948 title Fedora 10 : ocaml-camlimages-3.0.1-3.fc10.2 (2009-7491)