Skip Menu |
 

This queue is for tickets about the Imager CPAN distribution.

Report information
The Basics
Id: 35324
Status: resolved
Priority: 0/
Queue: Imager

People
Owner: TONYC [...] cpan.org
Requestors: TONYC [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in:
  • 0.42
  • 0.43
  • 0.43_03
  • 0.44
  • 0.44_01
  • 0.45
  • 0.45_02
  • 0.46
  • 0.47
  • 0.48
  • 0.49
  • 0.49_01
  • 0.50
  • 0.51
  • 0.51_01
  • 0.51_02
  • 0.51_03
  • 0.52
  • 0.53
  • 0.55
  • 0.56
  • 0.57
  • 0.58
  • 0.59
  • 0.60
  • 0.61
  • 0.62
  • 0.63
Fixed in: (no value)



Subject: buffer overflow when using an image based fill on a double precision image.
Download (untitled) / with headers
text/plain 646b
Using an image based fill on a large sample output image where the number of input channels does not match the number of output will result in a buffer overflow of a malloc()ed buffer. This typically results in corruption of the global memory arena. This at least could be used as a denial of service. Mitigating factors: - prior to Imager 0.56 no file formats were read at large sample sizes, so large sample images could only be created explicitly - the values written at the end of the buffer are doubles, so if a 16-bit/sample source image is read each double can only have 1 of 65536 values instead of the full range of possible doubles
Fixed in Imager 0.64. Leaving this ticket open for now.
This issue has been assigned CVE-2008-1928


This service is sponsored and maintained by Best Practical Solutions and runs on Perl.org infrastructure.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.