Jump to content

Advisories MDVSA-2010:166: libgdiplus


paul
 Share

Recommended Posts

A vulnerability has been found and corrected in libgdiplus:

 

Multiple integer overflows in libgdiplus 2.6.7, as used in Mono,

allow attackers to execute arbitrary code via (1) a crafted TIFF

file, related to the gdip_load_tiff_image function in tiffcodec.c;

(2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal

function in jpegcodec.c; or (3) a crafted BMP file, related to the

gdip_read_bmp_image function in bmpcodec.c, leading to heap-based

buffer overflows (CVE-2010-1526).

 

The updated packages have been patched to correct this issue.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

×
×
  • Create New...