Files ≈ Packet Storm
Packet Storm - Information Security News, Files, Tools, Exploits, Advisories and Whitepapers
http://packetstormsecurity.org/
Mon, 28 May 2012 06:02:11 GMT

Open Source CERT Security Advisory 2009.9
http://packetstormsecurity.org/files/78877/oCERT-2009-009.txt
Thu, 02 Jul 2009 19:01:23 GMT

CamlImages versions 2.2 and below suffer from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by PNG image parsing: the read_png_file and read_png_file_as_rgb24 functions do not properly validate the width and height of the image. Specific PNG images with large width and height can be crafted to trigger the vulnerability.