Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 allow remote attackers to execute arbitrary code via (1) a large JPG image, related to the jpg2bitmap function or (2) a large PNG image, related to the png2bitmap function, leading to heap-based buffer overflows.
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
Daniel Mealha Cabrita Ziproxy 2.7.2 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.7.1 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.7.0 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.6.9 Beta2 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.6.9 Beta (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.6.0 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.5.9 Beta (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.5.2 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.5.1 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.5.0 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.4.8 Beta2 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.4.8 Beta (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.4.3 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.4.2 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.4.1 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.4.0 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.3.5 Beta (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.3.0 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.2.2 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.2.1 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.2.0 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.1.1 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.1.0 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.0.0 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 1.9.0 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 1.5.2 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 1.5.1 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 1.5.0 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 1.4.0 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 1.3 D (not an official CPE)
Daniel Mealha Cabrita Ziproxy 1.3 C (not an official CPE)
Daniel Mealha Cabrita Ziproxy 1.3 Beta (not an official CPE)
Daniel Mealha Cabrita Ziproxy 1.3 B (not an official CPE)
Daniel Mealha Cabrita Ziproxy 1.3 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 1.2 B (not an official CPE)
Daniel Mealha Cabrita Ziproxy 1.2 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 1.1 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.7.9 Beta (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.7.9 Beta2 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 2.7.9 Beta3 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 3.0.0 (not an official CPE)
Daniel Mealha Cabrita Ziproxy 3.0.1 (not an official CPE)
Advisory | Patch | Confirmed | Link |
---|---|---|---|
http://ziproxy.sourceforge.net/#news | |||
20100524 Secunia Research: Ziproxy Two Integer Overflow ... |