Integer overflow in the wxImage::Create function

Bug #467981 reported by Stefan Lesicnik
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| wxwidgets2.6 (Ubuntu) | Invalid | Undecided | Unassigned | |
| Jaunty | Fix Released | Low | Unassigned | |

Bug Description

CVE 2009-2369

Integer overflow in the wxImage::Create function in src/common/image.cpp in wxWidgets 2.8.10 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted JPEG file, which triggers a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Fixed in Karmic already.
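
The bug class described above, as an added example that is not part of the original report and not wxWidgets code: an image byte count computed in 32-bit arithmetic wraps to a small value, next to a division-based check that rejects such dimensions before allocating. All names, the 3-bytes-per-pixel layout and the 256 MiB cap are assumptions made for illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>

// Hypothetical names; not wxWidgets code. Assumes 3 bytes (RGB) per pixel.
static const std::size_t kMaxImageBytes = 256u * 1024u * 1024u; // constructed policy cap

// "Before": byte count computed in 32-bit arithmetic. Unsigned types make
// the wraparound well-defined so it can be observed safely.
std::uint32_t unchecked_rgb_size(std::uint32_t width, std::uint32_t height) {
    return width * height * 3u;
}

// "After": validate with division so no intermediate product can wrap,
// and refuse anything above the caller's limit.
bool checked_rgb_size(int width, int height, std::size_t limit, std::size_t *out) {
    if (width <= 0 || height <= 0) return false;
    const std::size_t w = static_cast<std::size_t>(width);
    const std::size_t h = static_cast<std::size_t>(height);
    const std::size_t max_pixels = limit / 3;
    if (w > max_pixels || h > max_pixels / w) return false;
    *out = w * h * 3;
    return true;
}

// Allocate only after the size has been validated; nullptr means "rejected".
unsigned char *alloc_rgb(int width, int height) {
    std::size_t bytes = 0;
    if (!checked_rgb_size(width, height, kMaxImageBytes, &bytes)) return nullptr;
    return static_cast<unsigned char *>(std::calloc(bytes, 1));
}

int main() {
    // Constructed dimensions: the true size is 4 GiB + 128 KiB.
    std::printf("unchecked: %u bytes\n", (unsigned)unchecked_rgb_size(65536u, 21846u));
    unsigned char *img = alloc_rgb(65536, 21846);
    std::printf("checked:   %s\n", img ? "allocated" : "rejected");
    std::free(img);
    return 0;
}
```

A decoder that sizes its buffer from the unchecked value and then writes one row per declared scanline runs past the end of the allocation, which is the heap overflow pattern the description refers to.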


visibility: private → public
Stefan Lesicnik (stefanlsd) wrote :
Changed in wxwidgets2.6 (Ubuntu):
status: New → In Progress
importance: Undecided → Low
Kees Cook (kees) wrote :

Debdiff looks good, building now. Thanks!

Changed in wxwidgets2.6 (Ubuntu):
status: In Progress → Confirmed
Kees Cook (kees)
Changed in wxwidgets2.6 (Ubuntu):
status: Confirmed → Fix Committed
Changed in wxwidgets2.6 (Ubuntu Jaunty):
status: New → Invalid
status: Invalid → Fix Committed
importance: Undecided → Low
Changed in wxwidgets2.6 (Ubuntu):
status: Fix Committed → Invalid
importance: Low → Undecided
Kees Cook (kees)
Changed in wxwidgets2.6 (Ubuntu Jaunty):
status: Fix Committed → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
