Skip Menu |
 

This queue is for tickets about the Imager CPAN distribution.

Report information
The Basics
Id: 26811
Status: resolved
Priority: 0/
Queue: Imager

People
Owner: TONYC [...] cpan.org
Requestors: tony [...] develop-help.com
Cc:
AdminCc:

Bug Information
Severity: Critical
Broken in:
  • 0.21
  • 0.27
  • 0.28
  • 0.29
  • 0.31
  • 0.32
  • 0.35
  • 0.36
  • 0.37
  • 0.38
  • 0.39
  • 0.40
  • 0.41
  • 0.42
  • 0.43
  • 0.43_03
  • 0.44
  • 0.44_01
  • 0.45
  • 0.45_02
  • 0.46
  • 0.47
  • 0.48
  • 0.49
  • 0.49_01
  • 0.50
  • 0.51
  • 0.51_01
  • 0.51_02
  • 0.51_03
  • 0.52
  • 0.53
  • 0.55
  • 0.56
Fixed in: (no value)



Subject: placeholder for security issue
Date: Mon, 30 Apr 2007 18:06:01 +1000
To: bug-Imager [...] rt.cpan.org
From: Tony Cook <tony [...] develop-help.com>
placeholder
Download (untitled) / with headers
text/plain 694b
Imager 0.56 and all earlier versions with BMP support have security issue when reading compressed 8-bit per pixel BMP files where either a compressed run of data or a literal run of data overflows the scan-line. Such an overflow causes a buffer overflow in a malloc() allocated memory buffer, possibly corrupting the memory arena headers. The effect depends on your system memory allocator, with glibc this typically results in an abort, but with other memory allocators it may be possible to cause local code execution. Imager 0.57 has been released to fix this problem. The PPD archive at http://ppd.develop-help.com has been updated with a 0.57 ppd build of Imager that fixes this issue.
Download (untitled) / with headers
text/plain 242b
I posted a patch for this to the Debian bug tracking system that patches both read_8bit_bmp and read_4bit_bmp, but the buffer overflow can only occur in read_8bit_bmp, read_4bit_bmp uses a different mechanism to fill out literal and RLE data.
Fixed in 0.57.


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.