Upstream information
Description
Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2) the png_instantiate function processing a crafted PNG file, and (3) the jpeg_instantiate function processing a crafted JPEG file, all which trigger a heap-based buffer overflow. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.NVD CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Novell/SUSE information
Novell Bugzilla entry: 522586 SUSE Security Advisories:- SUSE-SR:2009:014, published Tue, 01 Sep 2009 07:00:00 +0000
List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SLES SDK 9 for IBM S/390 and IBM zSeries SLES SDK 9 for IBM iSeries and IBM pSeries SLES SDK 9 for IBM zSeries SLES SDK 9 for IPF SLES SDK 9 for X86-64 SLES SDK 9 for x86 |
| core9.s390 core9.ppc core9.s390x core9.x86 core9.ia64 core9.x86-64 YOU Patch Nr: 12472 |
| SUSE Linux Enterprise Desktop 10 SP2 for AMD64 and Intel EM64T SUSE Linux Enterprise Desktop 10 SP2 for x86 |
| sle10-sp2-sdk.ppc sle10-sp2-sdk.x86-64 sle10-sp2-sdk.s390x sled10-sp2.x86 sle10-sp2-sdk.ia64 sle10-sp2-sdk.x86 sled10-sp2.x86-64 ZYPP Patch Nr: 6413 |
| openSUSE 10.3 |
|