aru Posted June 28, 2006 Report Share Posted June 28, 2006 Mandriva Advisories MDKSA-2006:114 : libwmf Updated libwmf packages fixes embedded GD vulnerability June 27th, 2006 Integer overflows were reported in the GD Graphics Library (libgd) 2.0.28, and possibly other versions. These overflows allow remote attackers tocause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx() function. Libwmf contains an embedded copy of the GD library code. (CAN-2004-0941) Updated packages have been patched to address this issue. The released versions of Mandriva GNU/Linux affected are: CS3.0 10.2 2006.0 Full information about this advisory, including the updated packages, is available at: www.mandriva.com/security/advisories?name=MDKSA-2006:114 Other references: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0941 Posted automatically by aru (mdksec2mub v: mdksec2mub,v 1.2 2006/06/01 20:04:28 pituko Exp $) Link to comment Share on other sites More sharing options...
Recommended Posts