Vulnerability Description
Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffer overflows.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gallium.Inria | Camimages | 2.2 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/37067Vendor Advisory
- http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenPatch
- http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etchPatch
- http://www.debian.org/security/2009/dsa-1912Patch
- http://www.securityfocus.com/bid/36713Patch
- http://secunia.com/advisories/37067Vendor Advisory
- http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.2.0-4+lenPatch
- http://security.debian.org/pool/updates/main/c/camlimages/camlimages_2.20-8+etchPatch
- http://www.debian.org/security/2009/dsa-1912Patch
- http://www.securityfocus.com/bid/36713Patch
FAQ
What is CVE-2009-3296?
CVE-2009-3296 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple integer overflows in tiffread.c in CamlImages 2.2 might allow remote attackers to execute arbitrary code via TIFF images containing large width and height values that trigger heap-based buffe...
How severe is CVE-2009-3296?
CVE-2009-3296 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3296?
Check the references section above for vendor advisories and patch information. Affected products include: Gallium.Inria Camimages.