FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

p5-Imager -- possibly exploitable buffer overflow

Affected packages
p5-Imager < 0.57

Details

VuXML ID 632c98be-aad2-4af2-849f-41a6862afd6a
Discovery 2007-04-04
Entry 2007-04-30
Modified 2010-05-12

Imager 0.56 and all earlier versions with BMP support have a security issue when reading compressed 8-bit per pixel BMP files where either a compressed run of data or a literal run of data overflows the scan-line.

Such an overflow causes a buffer overflow in a malloc() allocated memory buffer, possibly corrupting the memory arena headers.

The effect depends on your system memory allocator, with glibc this typically results in an abort, but with other memory allocators it may be possible to cause local code execution.

References

CVE Name CVE-2007-1942
CVE Name CVE-2007-1943
CVE Name CVE-2007-1946
CVE Name CVE-2007-1948
URL http://ifsec.blogspot.com/2007/04/several-windows-image-viewers.html
URL https://rt.cpan.org/Public/Bug/Display.html?id=26811