Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows.

This update fixes three integer overflows found by Secunia Research member Stefan Cornelius that could possibly be exploited to execute arbitrary code :

  - 'gdip_load_tiff_image()' by processing specially crafted     TIFF images

  - 'gdip_load_jpeg_image_internal()' by processing     specially crafted JPEG images

  - 'gdip_read_bmp_image()'by processing specially crafted     BMP image (CVE-2010-1526)

The remote host is affected by the vulnerability described in GLSA-201401-01 (Libgdiplus: Arbitrary code execution)

    An integer overflow flaw has been discovered in Libgdiplus.
  Impact :

    A remote attacker could entice a user to open a specially crafted       TIFF/JPEG/BMP file, potentially resulting in arbitrary code execution.
  Workaround :

    There is no known workaround at this time.

This update fixes three integer overflows found by Secunia Research member Stefan Cornelius that could possibly be exploited to execute arbitrary code :

  - gdip_load_tiff_image() by processing specially crafted     TIFF images

  - gdip_load_jpeg_image_internal() by processing specially     crafted JPEG images

  - gdip_read_bmp_image() by processing specially crafted     BMP image

This update fixes three integer overflows found by Secunia Research member Stefan Cornelius that could possibly be exploited to execute arbitrary code :

  - gdip_load_tiff_image() by processing specially crafted     TIFF images

  - gdip_load_jpeg_image_internal() by processing specially     crafted JPEG images

  - gdip_read_bmp_image()by processing specially crafted BMP     image

Stefan Cornelius discovered that libgdiplus incorrectly handled certain image files. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- bugfix for three integer overflow errors (CVE-2010-1526)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A vulnerability has been found and corrected in libgdiplus :

Multiple integer overflows in libgdiplus 2.6.7, as used in Mono, allow attackers to execute arbitrary code via (1) a crafted TIFF file, related to the gdip_load_tiff_image function in tiffcodec.c; (2) a crafted JPEG file, related to the gdip_load_jpeg_image_internal function in jpegcodec.c; or (3) a crafted BMP file, related to the gdip_read_bmp_image function in bmpcodec.c, leading to heap-based buffer overflows (CVE-2010-1526).

The updated packages have been patched to correct this issue.

ID	Name	Product	Family	Severity
75579	openSUSE Security Update : libgdiplus0 (openSUSE-SU-2010:0665-1)	Nessus	SuSE Local Security Checks	medium
71801	GLSA-201401-01 : Libgdiplus: Arbitrary code execution	Nessus	Gentoo Local Security Checks	medium
50932	SuSE 11 / 11.1 Security Update : libgdiplus0 (SAT Patch Numbers 2999 / 3000)	Nessus	SuSE Local Security Checks	medium
49878	SuSE 10 Security Update : libgdiplus (ZYPP Patch Number 7130)	Nessus	SuSE Local Security Checks	medium
49762	Ubuntu 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : libgdiplus vulnerability (USN-993-1)	Nessus	Ubuntu Local Security Checks	medium
49672	openSUSE Security Update : libgdiplus0 (openSUSE-SU-2010:0665-1)	Nessus	SuSE Local Security Checks	medium
49669	openSUSE Security Update : libgdiplus0 (openSUSE-SU-2010:0665-1)	Nessus	SuSE Local Security Checks	medium
49156	Fedora 13 : libgdiplus-2.6.7-2.fc13 (2010-13698)	Nessus	Fedora Local Security Checks	medium
49155	Fedora 12 : libgdiplus-2.4.2-4.fc12 (2010-13695)	Nessus	Fedora Local Security Checks	medium
49154	Fedora 14 : libgdiplus-2.6.7-3.fc14 (2010-13676)	Nessus	Fedora Local Security Checks	medium
49063	Mandriva Linux Security Advisory : libgdiplus (MDVSA-2010:166)	Nessus	Mandriva Local Security Checks	medium

Detections

Analytics

CVE-2010-1526

high

Tenable Plugins

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium

medium