Vulnerability Description
Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 allow remote attackers to execute arbitrary code via (1) a large JPG image, related to the jpg2bitmap function or (2) a large PNG image, related to the png2bitmap function, leading to heap-based buffer overflows.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Daniel Mealha Cabrita | Ziproxy | <= 3.0.0 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/39941Vendor Advisory
- http://secunia.com/secunia_research/2010-75/Vendor Advisory
- http://www.securityfocus.com/archive/1/511424/100/0/threaded
- http://ziproxy.sourceforge.net/#newsVendor Advisory
- http://secunia.com/advisories/39941Vendor Advisory
- http://secunia.com/secunia_research/2010-75/Vendor Advisory
- http://www.securityfocus.com/archive/1/511424/100/0/threaded
- http://ziproxy.sourceforge.net/#newsVendor Advisory
FAQ
What is CVE-2010-1513?
CVE-2010-1513 is a vulnerability with a CVSS score of 6.8 (MEDIUM). Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 allow remote attackers to execute arbitrary code via (1) a large JPG image, related to the jpg2bitmap function or (2) a large PNG imag...
How severe is CVE-2010-1513?
CVE-2010-1513 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2010-1513?
Check the references section above for vendor advisories and patch information. Affected products include: Daniel Mealha Cabrita Ziproxy.