Launchpad CVE tracker

CVE 2010-1513

Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 allow remote attackers to execute arbitrary code via (1) a large JPG image, related to the jpg2bitmap function or (2) a large PNG image, related to the png2bitmap function, leading to heap-based buffer overflows.

Related bugs and status

CVE-2010-1513 (Candidate) is related to these bugs:

Bug #569611: Fails to start when Address/OnlyFrom set in ziproxy.conf

Summary				In	Importance	Status
	569611	Fails to start when Address/OnlyFrom set in ziproxy.conf		ziproxy (Ubuntu)	Undecided	Fix Released

Bug #657024: Please sync ziproxy 3.1.3-1 (universe) from Debian unstable

		In	Importance	Status
657024	Please sync ziproxy 3.1.3-1 (universe) from Debian unstable	ziproxy (Ubuntu)	Undecided	Fix Released
657024	Please sync ziproxy 3.1.3-1 (universe) from Debian unstable	ziproxy (Debian)	Unknown	Fix Released
657024	Please sync ziproxy 3.1.3-1 (universe) from Debian unstable	ziproxy (Ubuntu Lucid)	Undecided	Won't Fix
657024	Please sync ziproxy 3.1.3-1 (universe) from Debian unstable	ziproxy (Ubuntu Maverick)	Undecided	Won't Fix

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-1513

References