Vulnerabilities > CVE-2009-3296 - Numeric Errors vulnerability in Gallium.Inria Camimages 2.2
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks NASL id FEDORA_2009-10594.NASL description Fix handling of oversized TIFF images. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 42446 published 2009-11-11 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42446 title Fedora 11 : ocaml-camlimages-3.0.1-7.fc11.3 (2009-10594) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2009-10594. # include("compat.inc"); if (description) { script_id(42446); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:28"); script_cve_id("CVE-2009-3296"); script_bugtraq_id(36713); script_xref(name:"FEDORA", value:"2009-10594"); script_name(english:"Fedora 11 : ocaml-camlimages-3.0.1-7.fc11.3 (2009-10594)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix handling of oversized TIFF images. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=528732" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-November/030815.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?42e1a5fe" ); script_set_attribute( attribute:"solution", value:"Update the affected ocaml-camlimages package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ocaml-camlimages"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:11"); script_set_attribute(attribute:"patch_publication_date", value:"2009/10/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^11([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 11.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC11", reference:"ocaml-camlimages-3.0.1-7.fc11.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ocaml-camlimages"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-1912.NASL description It was discovered that CamlImages, an open source image processing library, suffers from several integer overflows, which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of TIFF files. It also expands the patch for CVE-2009-2660 to cover another potential overflow in the processing of JPEG images. last seen 2020-06-01 modified 2020-06-02 plugin id 44777 published 2010-02-24 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/44777 title Debian DSA-1912-1 : camlimages - integer overflow code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-1912. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(44777); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:22"); script_cve_id("CVE-2009-2660", "CVE-2009-3296"); script_bugtraq_id(36713); script_xref(name:"DSA", value:"1912"); script_name(english:"Debian DSA-1912-1 : camlimages - integer overflow"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "It was discovered that CamlImages, an open source image processing library, suffers from several integer overflows, which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. This advisory addresses issues with the reading of TIFF files. It also expands the patch for CVE-2009-2660 to cover another potential overflow in the processing of JPEG images." ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2009-2660" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2009/dsa-1912" ); script_set_attribute( attribute:"solution", value: "Upgrade the camlimages package. For the oldstable distribution (etch), this problem has been fixed in version 2.20-8+etch3. For the stable distribution (lenny), this problem has been fixed in version 1:2.2.0-4+lenny3." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:camlimages"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:4.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0"); script_set_attribute(attribute:"patch_publication_date", value:"2009/10/16"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/02/24"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"4.0", prefix:"libcamlimages-ocaml", reference:"2.20-8+etch3")) flag++; if (deb_check(release:"4.0", prefix:"libcamlimages-ocaml-dev", reference:"2.20-8+etch3")) flag++; if (deb_check(release:"4.0", prefix:"libcamlimages-ocaml-doc", reference:"2.20-8+etch3")) flag++; if (deb_check(release:"5.0", prefix:"libcamlimages-ocaml", reference:"1:2.2.0-4+lenny3")) flag++; if (deb_check(release:"5.0", prefix:"libcamlimages-ocaml-dev", reference:"1:2.2.0-4+lenny3")) flag++; if (deb_check(release:"5.0", prefix:"libcamlimages-ocaml-doc", reference:"1:2.2.0-4+lenny3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Fedora Local Security Checks NASL id FEDORA_2009-10568.NASL description Fix handling of oversized TIFF images. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 42444 published 2009-11-11 reporter This script is Copyright (C) 2009-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/42444 title Fedora 10 : ocaml-camlimages-3.0.1-3.fc10.3 (2009-10568) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2009-10568. # include("compat.inc"); if (description) { script_id(42444); script_version("1.12"); script_cvs_date("Date: 2019/08/02 13:32:28"); script_cve_id("CVE-2009-3296"); script_bugtraq_id(36713); script_xref(name:"FEDORA", value:"2009-10568"); script_name(english:"Fedora 10 : ocaml-camlimages-3.0.1-3.fc10.3 (2009-10568)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix handling of oversized TIFF images. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=528732" ); # https://lists.fedoraproject.org/pipermail/package-announce/2009-November/030838.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?43010bcb" ); script_set_attribute( attribute:"solution", value:"Update the affected ocaml-camlimages package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ocaml-camlimages"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:10"); script_set_attribute(attribute:"patch_publication_date", value:"2009/10/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/11"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^10([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 10.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC10", reference:"ocaml-camlimages-3.0.1-3.fc10.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ocaml-camlimages"); }NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201006-02.NASL description The remote host is affected by the vulnerability described in GLSA-201006-02 (CamlImages: User-assisted execution of arbitrary code) Tielei Wang reported multiple integer overflows, possibly leading to heap-based buffer overflows in the (1) read_png_file() and read_png_file_as_rgb24() functions, when processing a PNG image (CVE-2009-2295) and (2) gifread.c and jpegread.c files when processing GIF or JPEG images (CVE-2009-2660). Other integer overflows were also found in tiffread.c (CVE-2009-3296). Impact : A remote attacker could entice a user to open a specially crafted, overly large PNG, GIF, TIFF, or JPEG image using an application that uses the CamlImages library, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 46769 published 2010-06-02 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/46769 title GLSA-201006-02 : CamlImages: User-assisted execution of arbitrary code code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201006-02. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(46769); script_version("1.10"); script_cvs_date("Date: 2019/08/02 13:32:45"); script_cve_id("CVE-2009-2295", "CVE-2009-2660", "CVE-2009-3296"); script_bugtraq_id(35556, 36713); script_xref(name:"GLSA", value:"201006-02"); script_name(english:"GLSA-201006-02 : CamlImages: User-assisted execution of arbitrary code"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201006-02 (CamlImages: User-assisted execution of arbitrary code) Tielei Wang reported multiple integer overflows, possibly leading to heap-based buffer overflows in the (1) read_png_file() and read_png_file_as_rgb24() functions, when processing a PNG image (CVE-2009-2295) and (2) gifread.c and jpegread.c files when processing GIF or JPEG images (CVE-2009-2660). Other integer overflows were also found in tiffread.c (CVE-2009-3296). Impact : A remote attacker could entice a user to open a specially crafted, overly large PNG, GIF, TIFF, or JPEG image using an application that uses the CamlImages library, possibly resulting in the execution of arbitrary code with the privileges of the user running the application. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201006-02" ); script_set_attribute( attribute:"solution", value: "All CamlImages users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose =dev-ml/camlimages-3.0.2" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(189); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:camlimages"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2010/06/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/06/02"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-ml/camlimages", unaffected:make_list("ge 3.0.2"), vulnerable:make_list("lt 3.0.2"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "CamlImages"); }
Seebug
| bulletinFamily | exploit |
| description | Bugraq ID: 36713 CVE ID:CVE-2009-3296 CamlImages是一款开放源代码的图像处理库。 CamlImages存在多个整数溢出,可导致可利用的堆溢出,可以应用程序权限执行任意指令。 处理TIFF和JPEG图像文件都存在此漏洞。 CamlImages 2.2 厂商解决方案 Debian linux可参考如下升级程序: Debian Linux 4.0 amd64 Debian libcamlimages-ocaml_2.20-8+etch1_amd64.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch1_amd64.deb Debian libcamlimages-ocaml_2.20-8+etch2_amd64.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch2_amd64.deb Debian libcamlimages-ocaml_2.20-8+etch3_amd64.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch3_amd64.deb Debian Linux 4.0 ia-32 Debian libcamlimages-ocaml_2.20-8+etch1_i386.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch1_i386.deb Debian libcamlimages-ocaml_2.20-8+etch2_i386.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch2_i386.deb Debian libcamlimages-ocaml_2.20-8+etch3_i386.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch3_i386.deb Debian Linux 4.0 arm Debian libcamlimages-ocaml_2.20-8+etch1_arm.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch1_arm.deb Debian libcamlimages-ocaml_2.20-8+etch2_arm.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch2_arm.deb Debian libcamlimages-ocaml_2.20-8+etch3_arm.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch3_arm.deb Debian Linux 4.0 hppa Debian libcamlimages-ocaml_2.20-8+etch1_hppa.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch1_hppa.deb Debian libcamlimages-ocaml_2.20-8+etch2_hppa.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch2_hppa.deb Debian libcamlimages-ocaml_2.20-8+etch3_hppa.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch3_hppa.deb Debian Linux 4.0 sparc Debian libcamlimages-ocaml_2.20-8+etch1_sparc.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch1_sparc.deb Debian libcamlimages-ocaml_2.20-8+etch2_sparc.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch2_sparc.deb Debian libcamlimages-ocaml_2.20-8+etch3_sparc.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch3_sparc.deb Debian Linux 4.0 powerpc Debian libcamlimages-ocaml_2.20-8+etch1_powerpc.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch1_powerpc.deb Debian libcamlimages-ocaml_2.20-8+etch2_powerpc.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch2_powerpc.deb Debian libcamlimages-ocaml_2.20-8+etch3_powerpc.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch3_powerpc.deb Debian Linux 4.0 alpha Debian libcamlimages-ocaml_2.20-8+etch1_alpha.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch1_alpha.deb Debian libcamlimages-ocaml_2.20-8+etch2_alpha.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch2_alpha.deb Debian libcamlimages-ocaml_2.20-8+etch3_alpha.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch3_alpha.deb Debian Linux 4.0 mipsel Debian libcamlimages-ocaml_2.20-8+etch1_mipsel.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch1_mipsel.deb Debian libcamlimages-ocaml_2.20-8+etch2_mipsel.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch2_mipsel.deb Debian libcamlimages-ocaml_2.20-8+etch3_mipsel.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch3_mipsel.deb Debian Linux 4.0 ia-64 Debian libcamlimages-ocaml_2.20-8+etch1_ia64.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch1_ia64.deb Debian libcamlimages-ocaml_2.20-8+etch2_ia64.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch2_ia64.deb Debian libcamlimages-ocaml_2.20-8+etch3_ia64.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch3_ia64.deb Debian Linux 4.0 mips Debian libcamlimages-ocaml_2.20-8+etch1_mips.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch1_mips.deb Debian libcamlimages-ocaml_2.20-8+etch2_mips.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch2_mips.deb Debian libcamlimages-ocaml_2.20-8+etch3_mips.deb http://security.debian.org/pool/updates/main/c/camlimages/libcamlimage s-ocaml_2.20-8+etch3_mips.deb |
| id | SSV:12491 |
| last seen | 2017-11-19 |
| modified | 2009-10-20 |
| published | 2009-10-20 |
| reporter | Root |
| title | CamlImages JPEG处理远程缓冲区溢出漏洞 |
References
- http://secunia.com/advisories/37067
- http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenny3.diff.gz
- http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etch3.diff.gz
- http://www.debian.org/security/2009/dsa-1912
- http://www.securityfocus.com/bid/36713