GwenView Multiple Unspecified Image Handling Heap-Based Memory Corruption Vulnerabilities
BID:13098
Info
GwenView Multiple Unspecified Image Handling Heap-Based Memory Corruption Vulnerabilities
| Bugtraq ID: | 13098 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 11 2005 12:00AM |
| Updated: | Apr 11 2005 12:00AM |
| Credit: | These issues were reported by Bruno Rohee. |
| Vulnerable: |
Gwenview Gwenview 1.2 |
| Not Vulnerable: | |
Discussion
GwenView Multiple Unspecified Image Handling Heap-Based Memory Corruption Vulnerabilities
GwenView is reported prone to multiple unspecified heap memory corruption vulnerabilities. It is reported that these issues are caused by a lack of sufficient sanity checks performed while allocating heap-based memory when the chunk size is derived from the image height, width and plane values.
It is reported that a malicious image may be used to trigger these issues.
A remote attacker may potentially exploit these vulnerabilities to crash affected software, or to potentially execute arbitrary code in the context of the user that is running the affected software, although this is not confirmed.
This BID will be updated and split into unique BIDs as soon as further information is available.
GwenView is reported prone to multiple unspecified heap memory corruption vulnerabilities. It is reported that these issues are caused by a lack of sufficient sanity checks performed while allocating heap-based memory when the chunk size is derived from the image height, width and plane values.
It is reported that a malicious image may be used to trigger these issues.
A remote attacker may potentially exploit these vulnerabilities to crash affected software, or to potentially execute arbitrary code in the context of the user that is running the affected software, although this is not confirmed.
This BID will be updated and split into unique BIDs as soon as further information is available.
Exploit / POC
GwenView Multiple Unspecified Image Handling Heap-Based Memory Corruption Vulnerabilities
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution / Fix
GwenView Multiple Unspecified Image Handling Heap-Based Memory Corruption Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
GwenView Multiple Unspecified Image Handling Heap-Based Memory Corruption Vulnerabilities
References:
References:
- Gwenview Homepage (Gwenview)
- XV multiple buffer overflows (update) (Greg Roelofs