p5-Imager -- possibly exploitable buffer overflow

ID 632C98BE-AAD2-4AF2-849F-41A6862AFD6A
Type freebsd
Reporter FreeBSD
Modified 2010-05-12T00:00:00


Imager 0.56 and all earlier versions with BMP support have a security issue when reading compressed 8-bit per pixel BMP files where either a compressed run of data or a literal run of data overflows the scan-line. Such an overflow causes a buffer overflow in a malloc() allocated memory buffer, possibly corrupting the memory arena headers. The effect depends on your system memory allocator, with glibc this typically results in an abort, but with other memory allocators it may be possible to cause local code execution.