‘Ziproxy Multiple Integer Overflow Vulnerabilities’
‘The information has been provided by Stefan Cornelius.
The original article can be found at: http://secunia.com/secunia_research/2010-75/‘
* Ziproxy 3.0.0.
* Ziproxy 3.0.1.
The following vulnerabilities were discovered:
1) An integer overflow within the ‘jpg2bitmap()’ function in src/image.c can be exploited to cause a heap-based buffer overflow via specially crafted JPG images.
2) An integer overflow within the ‘png2bitmap()’ function in src/image.c can be exploited to cause a heap-based buffer overflow via specially crafted PNG images.
19/05/2010 – Vendor notified.
19/05/2010 – Vendor response.
20/05/2010 – Vendor issues fixed version.
24/05/2010 – Public disclosure.’