Package: libgdiplus
Tags: security

Vulnerabilities have been discovered in libgdiplus. Here is the summary from Secunia's advisory:
| Secunia Research has discovered three vulnerabilities in libgdiplus
| for Mono, which can be exploited by malicious people to compromise an
| application using the library.
|
| 1) An integer overflow error within the "gdip_load_tiff_image()"
| function in src/tiffcodec.c can be exploited to cause a heap-based
| buffer overflow by e.g. processing specially crafted TIFF images in
| an application using the library.
|
| 2) An integer overflow error within the
| "gdip_load_jpeg_image_internal()" function in src/jpegcodec.c can be
| exploited to cause a heap-based buffer overflow by e.g. processing
| specially crafted JPEG images in an application using the library.
|
| 3) An integer overflow error within the "gdip_read_bmp_image()"
| function in src/bmpcodec.c can be exploited to cause a heap-based
| buffer overflow by e.g. processing specially crafted BMP images in an
| application using the library.

<http://article.gmane.org/gmane.comp.security.bugtraq/44343>

This should probably be fixed in a point release for lenny.
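The bug class named in all three advisory items, as an added example that is not part of the original report and is not libgdiplus code: a pixel-buffer size computed from header fields in 32-bit arithmetic wraps to a small value, so the allocation is undersized, while a checked computation rejects the same dimensions. The function names, the `MAX_PIXEL_BYTES` cap and the sample dimensions are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy cap on one decoded image buffer (256 MiB). */
#define MAX_PIXEL_BYTES ((size_t)256 << 20)

/* Unchecked pattern: the 32-bit product wraps modulo 2^32. */
uint32_t pixel_bytes_unchecked(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Checked form: returns the buffer size, or 0 if any field is zero or
 * the true product would exceed MAX_PIXEL_BYTES (0 is never valid). */
size_t pixel_bytes_checked(uint32_t width, uint32_t height, uint32_t bpp)
{
    if (width == 0 || height == 0 || bpp == 0)
        return 0;
    if (width > MAX_PIXEL_BYTES / bpp)
        return 0;
    size_t stride = (size_t)width * bpp;   /* at most MAX_PIXEL_BYTES */
    if (height > MAX_PIXEL_BYTES / stride)
        return 0;
    return stride * height;
}

/* Allocate only when the size computation was accepted. */
void *alloc_pixels(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n = pixel_bytes_checked(width, height, bpp);
    return n ? malloc(n) : NULL;
}

int main(void)
{
    /* Constructed header values: the true size is 4 GiB + 256 KiB. */
    uint32_t w = 0x4001, h = 0x10000, bpp = 4;
    printf("unchecked: %u bytes\n", (unsigned)pixel_bytes_unchecked(w, h, bpp));
    printf("checked:   %zu bytes (0 = rejected)\n", pixel_bytes_checked(w, h, bpp));
    return 0;
}
```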