Ziproxy PNG Image Processing Buffer Overflow Vulnerability Network Vulnerability

Summary

The host is running Ziproxy server and is prone to buffer overflow vulnerability.

Impact

Successful exploits may allow remote attackers to execute arbitrary code on the system with elevated privileges or cause the application to crash. Impact Level: Application

Solution

Upgrade to the latest version of Ziproxy 3.1.1 or later, For updates refer to http://sourceforge.net/projects/ziproxy/files/

Insight

The flaw is caused by a heap overflow error in the PNG decoder when processing malformed data, which could be exploited by attackers to crash an affected server or execute arbitrary code via a specially crafted PNG image.

Affected

Ziproxy version 3.1.0

References

http://secunia.com/advisories/40156
http://xforce.iss.net/xforce/xfdb/59510
http://ziproxy.cvs.sourceforge.net/viewvc/ziproxy/ziproxy-default/ChangeLog?revision=1.240&view=markup

Updated on 2015-03-25

Severity

Classification

CVE CVE-2010-2350
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Wireshark BER Dissector Stack Consumption Vulnerability (Mac OS X)
Microsoft Windows Media Player '.mpg' Buffer Overflow Vulnerability
Pango Integer Buffer Overflow Vulnerability
SquidGuard Multiple Buffer Overflow Vulnerabilities
VMCI/HGFS VmWare Code Execution Vulnerability (Linux)

Take action and discover your vulnerabilities