Summary
The host is running a Ziproxy server and is prone to a buffer overflow vulnerability.
Impact
Successful exploits may allow remote attackers to execute arbitrary code on the system with elevated privileges or cause the application to crash.
Impact Level: Application
Solution
Upgrade to Ziproxy 3.1.1 or later. For updates, refer to http://sourceforge.net/projects/ziproxy/files/
Insight
The flaw is caused by a heap overflow error in the PNG decoder when processing malformed data, which could be exploited by attackers to crash an affected server or execute arbitrary code via a specially crafted PNG image.
Affected
Ziproxy version 3.1.0
References
Severity
Classification
- CVE: CVE-2010-2350
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P