Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-201401-01
HistoryJan 05, 2014 - 12:00 a.m.

Libgdiplus: Arbitrary code execution

2014-01-0500:00:00
Gentoo Foundation
security.gentoo.org
14

0.003 Low

EPSS

Percentile

67.7%

JSON

Background

Libgdiplus is the Mono library that provide a GDI+ comptible API on non-Windows operating systems.

Description

An integer overflow flaw has been discovered in Libgdiplus.

Impact

A remote attacker could entice a user to open a specially-crafted TIFF/JPEG/BMP file, potentially resulting in arbitrary code execution.

Workaround

There is no known workaround at this time.

Resolution

All Libgdiplus users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-dotnet/libgdiplus-2.6.7-r1"

Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages.

NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 12, 2010. It is likely that your system is already no longer affected by this issue.

OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-dotnet/libgdiplus< 2.6.7-r1UNKNOWN

Related

fedora 3
nessus 11
openvas 11
altlinux 1
cvelist 1
ubuntu 1
securityvulns 2
cve 1
debiancve 1
ubuntucve 1
prion 1
fedora
fedora
[SECURITY] Fedora 12 Update: libgdiplus-2.4.2-4.fc12
2010-09-09 01:18:07
[SECURITY] Fedora 13 Update: libgdiplus-2.6.7-2.fc13
2010-09-09 01:21:21
[SECURITY] Fedora 14 Update: libgdiplus-2.6.7-3.fc14
2010-09-09 04:33:07
nessus
nessus
Fedora 12 : libgdiplus-2.4.2-4.fc12 (2010-13695)
2010-09-09 00:00:00
openSUSE Security Update : libgdiplus0 (openSUSE-SU-2010:0665-1)
2010-09-24 00:00:00
Fedora 13 : libgdiplus-2.6.7-2.fc13 (2010-13698)
2010-09-09 00:00:00
openvas
openvas
Fedora Update for libgdiplus FEDORA-2010-13676
2010-12-02 00:00:00
Gentoo Security Advisory GLSA 201401-01
2015-09-29 00:00:00
Fedora Update for libgdiplus FEDORA-2010-13695
2010-09-10 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 6 package libgdiplus version 2.6.7-alt2
2011-03-14 00:00:00
cvelist
cvelist
CVE-2010-1526
2010-08-24 20:00:00
ubuntu
ubuntu
libgdiplus vulnerability
2010-09-29 00:00:00
securityvulns
securityvulns
libgdiplus / Mono multiple integer overflows
2010-09-02 00:00:00
[ MDVSA-2010:166 ] libgdiplus
2010-09-02 00:00:00
cve
cve
CVE-2010-1526
2010-08-24 22:00:00
debiancve
debiancve
CVE-2010-1526
2010-08-24 22:00:00
ubuntucve
ubuntucve
CVE-2010-1526
2010-08-24 00:00:00
prion
prion
Integer overflow
2010-08-24 22:00:00

0.003 Low

EPSS

Percentile

67.7%

JSON
Related for GLSA-201401-01
fedora3nessus11openvas11altlinux1cvelist1ubuntu1securityvulns2cve1debiancve1ubuntucve1prion1