GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Wed Apr 18, 2012 12:26 am Post subject: [ GLSA 201204-05 ] SWFTools: User-assisted execution of arbi |
 |
|
Gentoo Linux Security Advisory
Title: SWFTools: User-assisted execution of arbitrary code (GLSA 201204-05)
Severity: normal
Exploitable: remote
Date: April 17, 2012
Updated: April 18, 2012
Bug(s): #332649
ID: 201204-05
Synopsis
A heap-based buffer overflow in SWFTools could result in the
execution of arbitrary code.
Background
SWFTools is a collection of SWF manipulation and generation utilities
written by Rainer Böhme and Matthias Kramm.
Affected Packages
Package: media-gfx/swftools
Vulnerable: <= 0.9.1
Architectures: All supported architectures
Description
Integer overflow errors in the "getPNG()" function in png.c and the
"jpeg_load()" function in jpeg.c could cause a heap-based buffer
overflow.
Impact
A remote attacker could entice a user to open a specially crafted PNG or
JPEG file, possibly resulting in execution of arbitrary code with the
privileges of the process, or a Denial of Service condition.
Workaround
There is no known workaround at this time.
Resolution
Gentoo discontinued support for SWFTools. We recommend that users
unmerge swftools:
| Code: | # emerge --unmerge "media-gfx/swftools"
|
NOTE: Users could upgrade to ">=media-gfx/swftools-0.9.1", however
these packages are not currently stable.
References
CVE-2010-1516
Last edited by GLSA on Fri Apr 05, 2013 4:30 am; edited 3 times in total |
|
News & Announcements
