CVE-2010-1513

Multiple integer overflows in src/image.c in Ziproxy before 3.0.1 allow remote attackers to execute arbitrary code via (1) a large JPG image, related to the jpg2bitmap function or (2) a large PNG image, related to the png2bitmap function, leading to heap-based buffer overflows.
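| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 6.8 UNKNOWN | NETWORK | MEDIUM | | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| flexera | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |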
EPSS Score Percentile: 86%
| Vendor | Product | Version |
|---|---|---|
| daniel_mealha_cabrita | ziproxy | 𝑥 ≤ 3.0.0 |
| daniel_mealha_cabrita | ziproxy | 1.1 |
| daniel_mealha_cabrita | ziproxy | 1.2 |
| daniel_mealha_cabrita | ziproxy | 1.2:b |
| daniel_mealha_cabrita | ziproxy | 1.3 |
| daniel_mealha_cabrita | ziproxy | 1.3:b |
| daniel_mealha_cabrita | ziproxy | 1.3:beta |
| daniel_mealha_cabrita | ziproxy | 1.3:c |
| daniel_mealha_cabrita | ziproxy | 1.3:d |
| daniel_mealha_cabrita | ziproxy | 1.4.0 |
| daniel_mealha_cabrita | ziproxy | 1.5.0 |
| daniel_mealha_cabrita | ziproxy | 1.5.1 |
| daniel_mealha_cabrita | ziproxy | 1.5.2 |
| daniel_mealha_cabrita | ziproxy | 1.9.0 |
| daniel_mealha_cabrita | ziproxy | 2.0.0 |
| daniel_mealha_cabrita | ziproxy | 2.1.0 |
| daniel_mealha_cabrita | ziproxy | 2.1.1 |
| daniel_mealha_cabrita | ziproxy | 2.2.0 |
| daniel_mealha_cabrita | ziproxy | 2.2.1 |
| daniel_mealha_cabrita | ziproxy | 2.2.2 |
| daniel_mealha_cabrita | ziproxy | 2.3.0 |
| daniel_mealha_cabrita | ziproxy | 2.3.5:beta |
| daniel_mealha_cabrita | ziproxy | 2.4.0 |
| daniel_mealha_cabrita | ziproxy | 2.4.1 |
| daniel_mealha_cabrita | ziproxy | 2.4.2 |
| daniel_mealha_cabrita | ziproxy | 2.4.3 |
| daniel_mealha_cabrita | ziproxy | 2.4.8:beta |
| daniel_mealha_cabrita | ziproxy | 2.4.8:beta2 |
| daniel_mealha_cabrita | ziproxy | 2.5.0 |
| daniel_mealha_cabrita | ziproxy | 2.5.1 |
| daniel_mealha_cabrita | ziproxy | 2.5.2 |
| daniel_mealha_cabrita | ziproxy | 2.5.9:beta |
| daniel_mealha_cabrita | ziproxy | 2.6.0 |
| daniel_mealha_cabrita | ziproxy | 2.6.9:beta |
| daniel_mealha_cabrita | ziproxy | 2.6.9:beta2 |
| daniel_mealha_cabrita | ziproxy | 2.7.0 |
| daniel_mealha_cabrita | ziproxy | 2.7.1 |
| daniel_mealha_cabrita | ziproxy | 2.7.2 |
| daniel_mealha_cabrita | ziproxy | 2.7.9:beta |
| daniel_mealha_cabrita | ziproxy | 2.7.9:beta2 |
| daniel_mealha_cabrita | ziproxy | 2.7.9:beta3 |
| daniel_mealha_cabrita | ziproxy | 3.0.1 |

𝑥 = Vulnerable software versions
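Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| ziproxy | bullseye | 3.3.1-2.2 | fixed |
| ziproxy | lenny | | no-dsa |
| ziproxy | bookworm | 3.3.2-6 | fixed |
| ziproxy | sid | 3.3.2-7 | fixed |
| ziproxy | trixie | 3.3.2-7 | fixed |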
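Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| ziproxy | saucy | not-affected |
| ziproxy | raring | not-affected |
| ziproxy | quantal | not-affected |
| ziproxy | precise | not-affected |
| ziproxy | oneiric | not-affected |
| ziproxy | natty | not-affected |
| ziproxy | maverick | ignored |
| ziproxy | lucid | ignored |
| ziproxy | karmic | ignored |
| ziproxy | jaunty | ignored |
| ziproxy | hardy | dne |
| ziproxy | dapper | dne |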
Common Weakness Enumeration