Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Imager | Tony_cook | 0.41 (including) | 0.41 (including) |
| Imager | Tony_cook | 0.42 (including) | 0.42 (including) |
| Imager | Tony_cook | 0.43 (including) | 0.43 (including) |
| Imager | Tony_cook | 0.44_1 (including) | 0.44_1 (including) |
| Imager | Tony_cook | 0.45 (including) | 0.45 (including) |
| Imager | Tony_cook | 0.45_2 (including) | 0.45_2 (including) |
| Imager | Tony_cook | 0.47 (including) | 0.47 (including) |
| Imager | Tony_cook | 0.48 (including) | 0.48 (including) |
| Imager | Tony_cook | 0.49 (including) | 0.49 (including) |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661
- http://rt.cpan.org/Public/Bug/Display.html?id=18397
- http://secunia.com/advisories/19575
- http://secunia.com/advisories/19577
- http://www.debian.org/security/2006/dsa-1028
- http://www.securityfocus.com/bid/17415
- http://www.vupen.com/english/advisories/2006/1294
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25717
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661
- http://rt.cpan.org/Public/Bug/Display.html?id=18397
- http://secunia.com/advisories/19575
- http://secunia.com/advisories/19577
- http://www.debian.org/security/2006/dsa-1028
- http://www.securityfocus.com/bid/17415
- http://www.vupen.com/english/advisories/2006/1294
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25717