Joined: 12 May 2004
|Posted: Wed Apr 18, 2012 12:26 am Post subject: [ GLSA 201204-05 ] SWFTools: User-assisted execution of arbi
|Gentoo Linux Security Advisory
Title: SWFTools: User-assisted execution of arbitrary code (GLSA 201204-05)
Date: April 17, 2012
Updated: April 18, 2012
A heap-based buffer overflow in SWFTools could result in the
execution of arbitrary code.
SWFTools is a collection of SWF manipulation and generation utilities
written by Rainer Böhme and Matthias Kramm.
Vulnerable: <= 0.9.1
Architectures: All supported architectures
Integer overflow errors in the "getPNG()" function in png.c and the
"jpeg_load()" function in jpeg.c could cause a heap-based buffer
A remote attacker could entice a user to open a specially crafted PNG or
JPEG file, possibly resulting in execution of arbitrary code with the
privileges of the process, or a Denial of Service condition.
There is no known workaround at this time.
Gentoo discontinued support for SWFTools. We recommend that users
NOTE: Users could upgrade to ">=media-gfx/swftools-0.9.1", however
|# emerge --unmerge "media-gfx/swftools"
these packages are not currently stable.
Last edited by GLSA on Fri Apr 05, 2013 4:30 am; edited 3 times in total