CVE Vulnerabilities

CVE-2009-2660

Published: Aug 04, 2009 | Modified: Nov 07, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

Multiple integer overflows in CamlImages 2.2 might allow context-dependent attackers to execute arbitrary code via images containing large width and height values that trigger a heap-based buffer overflow, related to (1) crafted GIF files (gifread.c) and (2) crafted JPEG files (jpegread.c), a different vulnerability than CVE-2009-2295.

Affected Software

Name Vendor Start Version End Version
Camlimages Jun_furuse 2.2 (including) 2.2 (including)
Camlimages Ubuntu dapper *
Camlimages Ubuntu hardy *
Camlimages Ubuntu intrepid *
Camlimages Ubuntu jaunty *
Camlimages Ubuntu upstream *

References