REDHAT-BUG-511994: Integer Overflow
First published: Wed Jul 15 2009(Updated: )
Tielei Wang has discovered [1] some vulnerabilities in XEmacs, which can be exploited by malicious people to potentially compromise a user's system. 1) An integer overflow error within the "tiff_instantiate()" function in glyphs-eimage.c can be exploited to cause a heap-based buffer overflow via a specially crafted TIFF file. 2) An integer overflow error within the "png_instantiate()" function in glyphs-eimage.c can be exploited to cause a heap-based buffer overflow via a specially crafted PNG file. 3) An integer overflow error within the "jpeg_instantiate()" function in glyphs-eimage.c can be exploited to cause a heap-based buffer overflow via a specially crafted JPEG file. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. Gentoo [2] reported this upstream [3], and while upstream's bug is not public, the notes in the Gentoo BZ indicate upstream does not really consider this a security bug. Gentoo's BZ also indicates this issue does not exist in emacs. [1] <a href="http://secunia.com/advisories/35348/">http://secunia.com/advisories/35348/</a> [2] <a href="http://bugs.gentoo.org/show_bug.cgi?id=275397">http://bugs.gentoo.org/show_bug.cgi?id=275397</a> [3] <a href="http://tracker.xemacs.org/XEmacs/its/issue534">http://tracker.xemacs.org/XEmacs/its/issue534</a> Patches taken from Gentoo will be attached to this bug (found in their portage tree; taken from upstream).
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GNU XEmacs |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://secunia.com/advisories/35348/
- http://bugs.gentoo.org/show_bug.cgi?id=275397
- http://tracker.xemacs.org/XEmacs/its/issue534
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=353914&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=353914&action=edit
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=353915&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=353915&action=edit
- https://access.redhat.com/security/cve/CVE-2009-2688
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2688
- https://bugs.gentoo.org/show_bug.cgi?id=275397
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=511994
- http://www.securityfocus.com/bid/35473
- http://osvdb.org/55298
- http://secunia.com/advisories/35348
- http://www.vupen.com/english/advisories/2009/1666
- http://xforce.iss.net/xforce/xfdb/51334
- http://xforce.iss.net/xforce/xfdb/51333
- http://xforce.iss.net/xforce/xfdb/51332
- http://www.redhat.com/security/updates/classification/
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=511994#c1
- http://admin.fedoraproject.org/updates/xemacs-21.5.29-2.fc11
- https://bugzilla.redhat.com/show_bug.cgi?id=511994
- agent/references
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2009-2688
- agent/source
- agent/weakness
- agent/severity
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/xemacs
- canonical/gnu xemacs