Launchpad.net

CVE 2009-2295

Multiple integer overflows in CamlImages 2.2 and earlier might allow context-dependent attackers to execute arbitrary code via a crafted PNG image with large width and height values that trigger a heap-based buffer overflow in the (1) read_png_file or (2) read_png_file_as_rgb24 function.

Related bugs and status

CVE-2009-2295 (Candidate) is related to these bugs:

Bug #391546: Missing line-end comma in debian/control

Summary				In	Importance	Status
	391546	Missing line-end comma in debian/control		camlimages (Ubuntu)	Undecided	Fix Released
	391546	Missing line-end comma in debian/control		camlimages (Ubuntu Karmic)	Undecided	Fix Released

Bug #602924: [Security] advi should build-dep on hardened camlimages

Summary				In	Importance	Status
	602924	[Security] advi should build-dep on hardened camlimages		advi (Ubuntu)	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

References

MISC: http://www.ocert.org/a...
DEBIAN: DSA-1832
BID: 35556
SECUNIA: 35819
VUPEN: ADV-2009-1874
BUGTRAQ: 20090702 [oCERT-2009-0...