This queue is for tickets about the Imager CPAN distribution.

Report information
The Basics
Id: 35324
Status: resolved
Priority: 0/
Queue: Imager

People
Owner: TONYC [...] cpan.org
Requestors: TONYC [...] cpan.org
Cc:
AdminCc:

Bug Information
Severity: (no value)
Broken in:
  • 0.42
  • 0.43
  • 0.43_03
  • 0.44
  • 0.44_01
  • 0.45
  • 0.45_02
  • 0.46
  • 0.47
  • 0.48
  • 0.49
  • 0.49_01
  • 0.50
  • 0.51
  • 0.51_01
  • 0.51_02
  • 0.51_03
  • 0.52
  • 0.53
  • 0.55
  • 0.56
  • 0.57
  • 0.58
  • 0.59
  • 0.60
  • 0.61
  • 0.62
  • 0.63
Fixed in: (no value)



Subject: buffer overflow when using an image based fill on a double precision image.
Using an image based fill on a large sample output image where the number of input channels does not match the number of output will result in a buffer overflow of a malloc()ed buffer.

This typically results in corruption of the global memory arena. This at least could be used as a denial of service.

Mitigating factors:

- prior to Imager 0.56 no file formats were read at large sample sizes, so large sample images could only be created explicitly
- the values written at the end of the buffer are doubles, so if a 16-bit/sample source image is read each double can only have 1 of 65536 values instead of the full range of possible doubles

Fixed in Imager 0.64. Leaving this ticket open for now.
This issue has been assigned CVE-2008-1928.