Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 allow remote attackers to execute arbitrary code via (1) a large JPG image, related to the jpg2bitmap function or (2) a large PNG image, related to the png2bitmap function, leading to heap-based buffer overflows.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| daniel_mealha_cabrita | ziproxy | 2.4.2 |
| daniel_mealha_cabrita | ziproxy | 2.0.0 |
| daniel_mealha_cabrita | ziproxy | 2.7.9 |
| daniel_mealha_cabrita | ziproxy | 2.6.0 |
| daniel_mealha_cabrita | ziproxy | 1.5.0 |
| daniel_mealha_cabrita | ziproxy | 2.5.1 |
| daniel_mealha_cabrita | ziproxy | 2.6.9 |
| daniel_mealha_cabrita | ziproxy | 2.3.0 |
| daniel_mealha_cabrita | ziproxy | 1.2 |
| daniel_mealha_cabrita | ziproxy | 2.2.2 |
| daniel_mealha_cabrita | ziproxy | 2.5.2 |
| daniel_mealha_cabrita | ziproxy | 2.7.2 |
| daniel_mealha_cabrita | ziproxy | 2.3.5 |
| daniel_mealha_cabrita | ziproxy | 2.5.0 |
| daniel_mealha_cabrita | ziproxy | 2.2.0 |
| daniel_mealha_cabrita | ziproxy | * |
| daniel_mealha_cabrita | ziproxy | 2.1.1 |
| daniel_mealha_cabrita | ziproxy | 2.2.1 |
| daniel_mealha_cabrita | ziproxy | 2.5.9 |
| daniel_mealha_cabrita | ziproxy | 2.4.8 |
| daniel_mealha_cabrita | ziproxy | 1.4.0 |
| daniel_mealha_cabrita | ziproxy | 2.1.0 |
| daniel_mealha_cabrita | ziproxy | 1.9.0 |
| daniel_mealha_cabrita | ziproxy | 2.4.1 |
| daniel_mealha_cabrita | ziproxy | 1.5.1 |
| daniel_mealha_cabrita | ziproxy | 1.5.2 |
| daniel_mealha_cabrita | ziproxy | 2.4.0 |
| daniel_mealha_cabrita | ziproxy | 2.4.3 |
| daniel_mealha_cabrita | ziproxy | 1.1 |
| daniel_mealha_cabrita | ziproxy | 1.3 |
| daniel_mealha_cabrita | ziproxy | 2.7.0 |
| daniel_mealha_cabrita | ziproxy | 3.0.1 |
| daniel_mealha_cabrita | ziproxy | 2.7.1 |
Heap-based buffer overflow in the PNG decoder in Ziproxy 3.1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNG file.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| daniel_mealha_cabrita | ziproxy | 3.1.0 |