Executive Summary
Summary | |
---|---|
Title | Libgdiplus: Arbitrary code execution |
Informations | |||
---|---|---|---|
Name | GLSA-201401-01 | First vendor Publication | 2014-01-05 |
Vendor | Gentoo | Last vendor Modification | 2014-01-05 |
Severity (Vendor) | Normal | Revision | N/A |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:P/I:P/A:P) | |||
---|---|---|---|
Cvss Base Score | 6.8 | Attack Range | Network |
Cvss Impact Score | 6.4 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Synopsis Multiple integer overflow vulnerabilities in Libgdiplus may allow remote attackers to execute arbitrary code. Background Description Impact Workaround Resolution Packages which depend on this library may need to be recompiled. Tools such as revdep-rebuild may assist in identifying some of these packages. NOTE: This is a legacy GLSA. Updates for all affected architectures are available since September 12, 2010. It is likely that your system is already no longer affected by this issue. References Availability http://security.gentoo.org/glsa/glsa-201401-01.xml |
Original Source
Url : http://security.gentoo.org/glsa/glsa-201401-01.xml |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-189 | Numeric Errors (CWE/SANS Top 25) |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:13058 | |||
Oval ID: | oval:org.mitre.oval:def:13058 | ||
Title: | USN-993-1 -- libgdiplus vulnerability | ||
Description: | Stefan Cornelius discovered that libgdiplus incorrectly handled certain image files. If a user or automated system were tricked into opening a crafted image file, an attacker could cause a denial of service or possibly execute arbitrary code with the privileges of the user invoking the program. | ||
Family: | unix | Class: | patch |
Reference(s): | USN-993-1 CVE-2010-1526 | Version: | 5 |
Platform(s): | Ubuntu 8.04 Ubuntu 10.04 Ubuntu 9.04 Ubuntu 9.10 | Product(s): | libgdiplus |
Definition Synopsis: | |||
|
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2010-12-02 | Name : Fedora Update for libgdiplus FEDORA-2010-13676 File : nvt/gb_fedora_2010_13676_libgdiplus_fc14.nasl |
2010-10-01 | Name : Ubuntu Update for libgdiplus vulnerability USN-993-1 File : nvt/gb_ubuntu_USN_993_1.nasl |
2010-09-10 | Name : Fedora Update for libgdiplus FEDORA-2010-13695 File : nvt/gb_fedora_2010_13695_libgdiplus_fc12.nasl |
2010-09-10 | Name : Fedora Update for libgdiplus FEDORA-2010-13698 File : nvt/gb_fedora_2010_13698_libgdiplus_fc13.nasl |
2010-09-07 | Name : Mandriva Update for libgdiplus MDVSA-2010:166 (libgdiplus) File : nvt/gb_mandriva_MDVSA_2010_166.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
67375 | Mono libgdiplus bmpcodec.c gdip_read_bmp_image Function Overflow |
67374 | Mono libgdiplus jpegcodec.c gdip_load_jpeg_image_internal Function Overflow |
67373 | Mono libgdiplus tiffcodec.c gdip_load_tiff_image Function Overflow |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-06-13 | Name : The remote openSUSE host is missing a security update. File : suse_11_3_libgdiplus0-100824.nasl - Type : ACT_GATHER_INFO |
2014-01-06 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201401-01.nasl - Type : ACT_GATHER_INFO |
2010-12-02 | Name : The remote SuSE 11 host is missing a security update. File : suse_11_libgdiplus0-100824.nasl - Type : ACT_GATHER_INFO |
2010-10-06 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-993-1.nasl - Type : ACT_GATHER_INFO |
2010-09-24 | Name : The remote openSUSE host is missing a security update. File : suse_11_1_libgdiplus0-100824.nasl - Type : ACT_GATHER_INFO |
2010-09-24 | Name : The remote openSUSE host is missing a security update. File : suse_11_2_libgdiplus0-100824.nasl - Type : ACT_GATHER_INFO |
2010-09-09 | Name : The remote Fedora host is missing a security update. File : fedora_2010-13676.nasl - Type : ACT_GATHER_INFO |
2010-09-09 | Name : The remote Fedora host is missing a security update. File : fedora_2010-13695.nasl - Type : ACT_GATHER_INFO |
2010-09-09 | Name : The remote Fedora host is missing a security update. File : fedora_2010-13698.nasl - Type : ACT_GATHER_INFO |
2010-09-01 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2010-166.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:38:00 |
|
2014-01-05 05:18:18 |
|