CamlImages, an open source image processing library, suffers from several integer overflows which may lead to a potentially exploitable heap overflow and result in arbitrary code execution. The vulnerability is triggered by TIFF image parsing. Specific TIFF images with large width and height can be crafted to trigger the vulnerability.
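As an added defensive illustration (not CamlImages' own code), the following shows the unchecked dimension arithmetic that produces this class of bug beside an overflow-checked version; the header struct, its field names and the 1 GiB size cap are assumptions made for the example.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical TIFF-style header as an untrusted file would supply it
 * (field names assumed for this example). */
struct img_hdr {
    uint32_t width;
    uint32_t height;
    uint32_t bpp;   /* bytes per pixel, e.g. 3 for RGB */
};

/* Policy cap on the pixel buffer; 1 GiB is an assumed value. */
#define MAX_PIXEL_BYTES ((size_t)1 << 30)

/* The vulnerable pattern: the product is computed in 32 bits and wraps
 * silently, so large width/height yield a buffer far smaller than the
 * pixel data that is later written into it. */
uint32_t unchecked_size(const struct img_hdr *h)
{
    return h->width * h->height * h->bpp;
}

/* Hardened version: each multiplication is bounds-checked by division
 * before it is performed, so nothing can wrap whatever sizeof(size_t) is.
 * Returns 1 with the size in *out, or 0 (and *out = 0) when rejected. */
int checked_size(const struct img_hdr *h, size_t *out)
{
    size_t n;
    *out = 0;
    if (h->width == 0 || h->height == 0 || h->bpp == 0)
        return 0;
    if ((size_t)h->width > MAX_PIXEL_BYTES / h->height)
        return 0;
    n = (size_t)h->width * h->height;
    if (n > MAX_PIXEL_BYTES / h->bpp)
        return 0;
    n *= h->bpp;
    *out = n;
    return 1;
}

/* Allocate the pixel buffer only after the size has been validated;
 * NULL means the image was rejected (or malloc failed). */
unsigned char *alloc_pixels(const struct img_hdr *h)
{
    size_t n;
    if (!checked_size(h, &n))
        return NULL;
    return malloc(n);
}
```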
I had to rebase the patch against latest upstream (3.0.1). Also the patch in comment 1 is itself somehow malformed. In any case, I applied it by hand against the new codebase. Built in dist-f13: http://koji.fedoraproject.org/koji/taskinfo?taskID=1749533
Build for F10, F11 and F12. I can't link back to this bug in the updates, apparently because this bug is private?
I've updated CVS for EL-4 and EL-5. However this package was never actually built or released in those two branches, and doesn't build because there are significant missing dependencies. Closing this one now ...
ocaml-camlimages-3.0.1-7.fc11.3 has been pushed to the Fedora 11 stable repository. If problems still persist, please make note of it in this bug report.
ocaml-camlimages-3.0.1-3.fc10.3 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.