This queue is for tickets about the Imager CPAN distribution.

Maintainer(s)' notes

Tickets for Imager are now on github at https://github.com/tonycoz/imager

Report information
The Basics
Id:
26811
Status:
resolved
Priority:
Low/Low
Queue:

People
Owner:
TONYC [...] cpan.org
Requestors:
tony [...] develop-help.com
Cc:
AdminCc:

BugTracker
Severity:
Critical
Broken in:
  • 0.21
  • 0.27
  • 0.28
  • 0.29
  • 0.31
  • 0.32
  • 0.35
  • 0.36
  • 0.37
  • 0.38
  • 0.39
  • 0.40
  • 0.41
  • 0.42
  • 0.43
  • 0.43_03
  • 0.44
  • 0.44_01
  • 0.45
  • 0.45_02
  • 0.46
  • 0.47
  • 0.48
  • 0.49
  • 0.49_01
  • 0.50
  • 0.51
  • 0.51_01
  • 0.51_02
  • 0.51_03
  • 0.52
  • 0.53
  • 0.55
  • 0.56
Fixed in:
(no value)



Subject: placeholder for security issue
Date: Mon, 30 Apr 2007 18:06:01 +1000
To: bug-Imager@rt.cpan.org
From: Tony Cook <tony@develop-help.com>
placeholder
Imager 0.56 and all earlier versions with BMP support have security issue when reading compressed 8-bit per pixel BMP files where either a compressed run of data or a literal run of data overflows the scan-line. Such an overflow causes a buffer overflow in a malloc() allocated memory buffer, possibly corrupting the memory arena headers. The effect depends on your system memory allocator, with glibc this typically results in an abort, but with other memory allocators it may be possible to cause local code execution. Imager 0.57 has been released to fix this problem. The PPD archive at http://ppd.develop-help.com has been updated with a 0.57 ppd build of Imager that fixes this issue.
I posted a patch for this to the Debian bug tracking system that patches both read_8bit_bmp and read_4bit_bmp, but the buffer overflow can only occur in read_8bit_bmp, read_4bit_bmp uses a different mechanism to fill out literal and RLE data.
Fixed in 0.57.


This service runs on Request Tracker, is sponsored by The Perl Foundation, and maintained by Best Practical Solutions.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.