Kjetil Kjernsmo wrote: > Package: libimager-perl > Version: 0.44-1 > Severity: important > Tags: security > > We have found that libimager-perl, aka Imager, versions < 0.49_01, has a > bug that can result in a Segmentation Fault if it operates on 4-channel > JPEG images. > > If setting $picture to a blob containing a JPEG image with 4 channels, > the problem should be reproducable: > > use Imager; > my $img = Imager->new(); > $img->read(data=>$picture); > warn "imager is saving.."; > $img->write(data=>\$picture,type=>"jpeg"); > warn "imager is done saving.."; > > > We have worked with upstream developer Tony Cook, who has a fix > ready. If the library is used to process images from remote sources, > this problem can be exploited to perform a DoS attack, thus we have > tagged the report security. > > Ole Kasper Olsen and Kjetil Kjernsmo > Opera Software ASA
Thanks for the report. A stable security update will be prepared. This is CVE-2006-0053. Cheers, Moritz -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]