lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 3 Jul 2009 21:09:32 +0100
From: Andrea Barisani <lcars@...rt.org>
To: oss-security@...ts.openwall.com, ocert-announce@...ts.ocert.org,
	bugtraq@...urityfocus.com
Subject: [oCERT-2009-008] Dillo integer overflow


#2009-008 Dillo integer overflow

Description:

Dillo, an open source graphical web browser, suffers from an integer overflow
which may lead to a potentially exploitable heap overflow and result in
arbitrary code execution.

The vulnerability is triggered by HTML pages with embedded PNG images, the
Png_datainfo_callback function does not properly validate the width and
height of the image. Specific PNG images with large width and height can be
crafted to trigger the vulnerability.

Affected version:

Dillo <= 2.1

Fixed version:

Dillo >= 2.1.1

Credit: vulnerability report and PoC code received from Tielei Wang
        <wangtielei [at] icst [dot] pku [dot] edu [dot] cn>, ICST-ERCIS.

CVE: CVE-2009-2294

Timeline:

2009-05-21: vulnerability reported received
2009-06-18: contacted dillo maintainer
2009-06-18: maintainer requests PoC
2009-06-19: PoC is supplied
2009-06-19: maintainer provides patch
2009-06-24: revised patch is provided after reporter feedback
2009-06-25: patch is confirmed, maintainer requests one week of time to
            investigate further areas of the browser
2009-07-01: dillo developer proposes security release coordination
2009-07-03: advisory release

Permalink:
http://www.ocert.org/advisories/ocert-2009-008.html

-- 
Andrea Barisani |                Founder & Project Coordinator
          oCERT | Open Source Computer Emergency Response Team

<lcars@...rt.org>                         http://www.ocert.org
 0x864C9B9E 0A76 074A 02CD E989 CE7F AC3F DA47 578E 864C 9B9E
        "Pluralitas non est ponenda sine necessitate"

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ