openSUSE Security Update : libgdiplus0 (openSUSE-SU-2010:0665-1)

Medium Nessus Plugin ID 49669


The remote openSUSE host is missing a security update.


This update fixes three integer overflows found by Secunia Research member Stefan Cornelius that could possibly be exploited to execute arbitrary code :

- 'gdip_load_tiff_image()' by processing specially crafted TIFF images

- 'gdip_load_jpeg_image_internal()' by processing specially crafted JPEG images

- 'gdip_read_bmp_image()'by processing specially crafted BMP image (CVE-2010-1526)


Update the affected libgdiplus0 package.

See Also

Plugin Details

Severity: Medium

ID: 49669

File Name: suse_11_1_libgdiplus0-100824.nasl

Version: $Revision: 1.3 $

Type: local

Agent: unix

Published: 2010/09/24

Modified: 2014/06/13

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 6.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:novell:opensuse:libgdiplus0, cpe:/o:novell:opensuse:11.1

Required KB Items: Host/local_checks_enabled, Host/SuSE/release, Host/SuSE/rpm-list, Host/cpu

Patch Publication Date: 2010/08/24

Reference Information

CVE: CVE-2010-1526