Vulnerabilities > CVE-2010-1526 - Numeric Errors vulnerability in Mono-Project Libgdiplus 2.6.7

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
mono-project
CWE-189
nessus

Summary

Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows.

Vulnerable Configurations

Part Description Count
Application
Mono-Project
1

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-13676.NASL
    description - bugfix for three integer overflow errors (CVE-2010-1526) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49154
    published2010-09-09
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49154
    titleFedora 14 : libgdiplus-2.6.7-3.fc14 (2010-13676)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_LIBGDIPLUS0-100824.NASL
    descriptionThis update fixes three integer overflows found by Secunia Research member Stefan Cornelius that could possibly be exploited to execute arbitrary code : - gdip_load_tiff_image() by processing specially crafted TIFF images - gdip_load_jpeg_image_internal() by processing specially crafted JPEG images - gdip_read_bmp_image() by processing specially crafted BMP image
    last seen2020-06-01
    modified2020-06-02
    plugin id50932
    published2010-12-02
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/50932
    titleSuSE 11 / 11.1 Security Update : libgdiplus0 (SAT Patch Numbers 2999 / 3000)
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-993-1.NASL
    descriptionStefan Cornelius discovered that libgdiplus incorrectly handled certain image files. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49762
    published2010-10-06
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49762
    titleUbuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : libgdiplus vulnerability (USN-993-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_2_LIBGDIPLUS0-100824.NASL
    descriptionThis update fixes three integer overflows found by Secunia Research member Stefan Cornelius that could possibly be exploited to execute arbitrary code : -
    last seen2020-06-01
    modified2020-06-02
    plugin id49672
    published2010-09-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49672
    titleopenSUSE Security Update : libgdiplus0 (openSUSE-SU-2010:0665-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_3_LIBGDIPLUS0-100824.NASL
    descriptionThis update fixes three integer overflows found by Secunia Research member Stefan Cornelius that could possibly be exploited to execute arbitrary code : -
    last seen2020-06-01
    modified2020-06-02
    plugin id75579
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/75579
    titleopenSUSE Security Update : libgdiplus0 (openSUSE-SU-2010:0665-1)
  • NASL familyMandriva Local Security Checks
    NASL idMANDRIVA_MDVSA-2010-166.NASL
    descriptionA vulnerability has been found and corrected in libgdiplus : Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows (CVE-2010-1526). The updated packages have been patched to correct this issue.
    last seen2020-06-01
    modified2020-06-02
    plugin id49063
    published2010-09-01
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/49063
    titleMandriva Linux Security Advisory : libgdiplus (MDVSA-2010:166)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-13695.NASL
    description - bugfix for three integer overflow errors (CVE-2010-1526) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49155
    published2010-09-09
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49155
    titleFedora 12 : libgdiplus-2.4.2-4.fc12 (2010-13695)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_LIBGDIPLUS-7130.NASL
    descriptionThis update fixes three integer overflows found by Secunia Research member Stefan Cornelius that could possibly be exploited to execute arbitrary code : - gdip_load_tiff_image() by processing specially crafted TIFF images - gdip_load_jpeg_image_internal() by processing specially crafted JPEG images - gdip_read_bmp_image()by processing specially crafted BMP image
    last seen2020-06-01
    modified2020-06-02
    plugin id49878
    published2010-10-11
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49878
    titleSuSE 10 Security Update : libgdiplus (ZYPP Patch Number 7130)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201401-01.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201401-01 (Libgdiplus: Arbitrary code execution) An integer overflow flaw has been discovered in Libgdiplus. Impact : A remote attacker could entice a user to open a specially crafted TIFF/JPEG/BMP file, potentially resulting in arbitrary code execution. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id71801
    published2014-01-06
    reporterThis script is Copyright (C) 2014-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/71801
    titleGLSA-201401-01 : Libgdiplus: Arbitrary code execution
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-13698.NASL
    description - bugfix for three integer overflow errors (CVE-2010-1526) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id49156
    published2010-09-09
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49156
    titleFedora 13 : libgdiplus-2.6.7-2.fc13 (2010-13698)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_1_LIBGDIPLUS0-100824.NASL
    descriptionThis update fixes three integer overflows found by Secunia Research member Stefan Cornelius that could possibly be exploited to execute arbitrary code : -
    last seen2020-06-01
    modified2020-06-02
    plugin id49669
    published2010-09-24
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/49669
    titleopenSUSE Security Update : libgdiplus0 (openSUSE-SU-2010:0665-1)