This queue is for tickets about the Imager CPAN distribution.

Maintainer(s)' notes

Tickets for Imager are now on github at https://github.com/tonycoz/imager

Report information
The Basics
Id:
35324
Status:
resolved
Priority:
Low/Low
Queue:

People
Owner:
TONYC [...] cpan.org
Requestors:
TONYC [...] cpan.org
Cc:
AdminCc:

BugTracker
Severity:
(no value)
Broken in:
  • 0.42
  • 0.43
  • 0.43_03
  • 0.44
  • 0.44_01
  • 0.45
  • 0.45_02
  • 0.46
  • 0.47
  • 0.48
  • 0.49
  • 0.49_01
  • 0.50
  • 0.51
  • 0.51_01
  • 0.51_02
  • 0.51_03
  • 0.52
  • 0.53
  • 0.55
  • 0.56
  • 0.57
  • 0.58
  • 0.59
  • 0.60
  • 0.61
  • 0.62
  • 0.63
Fixed in:
(no value)



Subject: buffer overflow when using an image based fill on a double precision image.
Using an image based fill on a large sample output image where the number of input channels does not match the number of output will result in a buffer overflow of a malloc()ed buffer. This typically results in corruption of the global memory arena. This at least could be used as a denial of service. Mitigating factors: - prior to Imager 0.56 no file formats were read at large sample sizes, so large sample images could only be created explicitly - the values written at the end of the buffer are doubles, so if a 16-bit/sample source image is read each double can only have 1 of 65536 values instead of the full range of possible doubles
Fixed in Imager 0.64. Leaving this ticket open for now.
This issue has been assigned CVE-2008-1928


This service runs on Request Tracker, is sponsored by The Perl Foundation, and maintained by Best Practical Solutions.

Please report any issues with rt.cpan.org to rt-cpan-admin@bestpractical.com.