Kjetil Kjernsmo wrote:
> Package: libimager-perl
> Version: 0.44-1
> Severity: important
> Tags: security
>
> We have found that libimager-perl, aka Imager, versions < 0.49_01, has a
> bug that can result in a Segmentation Fault if it operates on 4-channel
> JPEG images.
>
> If setting $picture to a blob containing a JPEG image with 4 channels,
> the problem should be reproducible:
>
> use Imager;
> my $img = Imager->new();
> $img->read(data=>$picture);
> warn "imager is saving..";
> $img->write(data=>\$picture,type=>"jpeg");
> warn "imager is done saving..";
>
>
> We have worked with upstream developer Tony Cook, who has a fix
> ready. If the library is used to process images from remote sources,
> this problem can be exploited to perform a DoS attack, thus we have
> tagged the report security.
>
> Ole Kasper Olsen and Kjetil Kjernsmo
> Opera Software ASA
Thanks for the report. A stable security update will be prepared.
This is CVE-2006-0053.
Cheers,
Moritz
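
A pre-check that a service accepting remote JPEGs could run before handing data to an unpatched Imager, added here as an example (it is not part of the original thread and is not Imager code): it reads the component count from the JPEG frame header and refuses 4-channel files. The function names, the accept-1-or-3 policy and the sample headers are assumptions constructed for illustration.

```perl
use strict;
use warnings;

# Return the component (channel) count from a JPEG frame header (SOFn),
# or undef if $data is not a JPEG or ends before a frame header is found.
sub jpeg_component_count {
    my ($data) = @_;
    return unless defined $data && substr($data, 0, 2) eq "\xFF\xD8";   # SOI
    my ($pos, $len) = (2, length $data);
    while ($pos + 4 <= $len) {
        my ($ff, $marker) = unpack 'CC', substr($data, $pos, 2);
        return unless $ff == 0xFF;
        if ($marker == 0xFF) { $pos++; next }                 # fill byte
        if ($marker == 0x01 || ($marker >= 0xD0 && $marker <= 0xD7)) { $pos += 2; next }  # TEM/RSTn
        return if $marker == 0xD9 || $marker == 0xDA;         # EOI/SOS before SOF
        my $seglen = unpack 'n', substr($data, $pos + 2, 2);
        return if $seglen < 2 || $pos + 2 + $seglen > $len;   # truncated segment
        # SOF0..SOF15, excluding DHT (C4), JPG (C8) and DAC (CC)
        if ($marker >= 0xC0 && $marker <= 0xCF
            && $marker != 0xC4 && $marker != 0xC8 && $marker != 0xCC) {
            return if $seglen < 8;
            # marker(2) length(2) precision(1) height(2) width(2) components(1)
            return unpack 'C', substr($data, $pos + 9, 1);
        }
        $pos += 2 + $seglen;
    }
    return;
}

# Assumed policy for a JPEG-only upload path: accept greyscale (1) and colour (3).
sub reject_reason {
    my ($data) = @_;
    my $n = jpeg_component_count($data);
    return 'not a parseable JPEG'           unless defined $n;
    return "unsupported channel count: $n"  unless $n == 1 || $n == 3;
    return;
}

# Constructed sample headers (not real images): SOI, dummy APP0, SOF0.
sub sample_header {
    my ($nf) = @_;
    my $sof = pack('n C n n C', 8 + 3 * $nf, 8, 16, 16, $nf) . ("\x01\x11\x00" x $nf);
    return "\xFF\xD8" . "\xFF\xE0" . pack('n', 4) . "JF" . "\xFF\xC0" . $sof;
}

for my $nf (1, 3, 4) {
    my $why = reject_reason(sample_header($nf));
    printf "%d component(s): %s\n", $nf, defined $why ? "reject ($why)" : 'accept';
}
```

Call `reject_reason($picture)` before `$img->read(data=>$picture)` and skip the image when it returns a reason; this only narrows exposure until the fixed package is installed.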