Security Advisories (6)
Imager would search the default current directory entry in @INC when searching for file format support modules.
- https://metacpan.org/dist/Imager/changes
- http://www.nntp.perl.org/group/perl.perl5.porters/2016/07/msg238271.html
- http://www.securitytracker.com/id/1036440
- http://perl5.git.perl.org/perl.git/commit/cee96d52c39b1e7b36e1c62d38bcd8d86e9a41ab
- https://rt.perl.org/Public/Bug/Display.html?id=127834
- http://www.securityfocus.com/bid/92136
- http://www.debian.org/security/2016/dsa-3628
- https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05240731
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DOFRQWJRP2NQJEYEWOMECVW3HAMD5SYN/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TZBNQH3DMI7HDELJAZ4TFJJANHXOEDWH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2FBQOCV3GBAN2EYZUM3CFDJ4ECA3GZOK/
- https://security.gentoo.org/glsa/201701-75
- https://lists.apache.org/thread.html/7f6a16bc0fd0fd5e67c7fd95bd655069a2ac7d1f88e42d3c853e601c@%3Cannounce.apache.org%3E
- https://lists.debian.org/debian-lts-announce/2018/11/msg00016.html
- https://security.gentoo.org/glsa/201812-07
- http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00002.html
Heap-based buffer overflow in the BMP reader (bmp.c) in Imager perl module (libimager-perl) 0.45 through 0.56 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted 8-bit/pixel compressed BMP files.
- http://imager.perl.org/a/65.html
- http://rt.cpan.org/Public/Bug/Display.html?id=26811
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=421582
- http://www.debian.org/security/2008/dsa-1498
- http://www.securityfocus.com/bid/23711
- http://secunia.com/advisories/25038
- http://secunia.com/advisories/28868
- http://osvdb.org/39846
- http://www.vupen.com/english/advisories/2007/1587
- http://osvdb.org/35470
- https://exchange.xforce.ibmcloud.com/vulnerabilities/34010
When drawing on an image with an alpha channel where the source minimum is greater than zero, Imager would read from beyond the end of a malloc() allocated buffer. In rare circumstances this could lead to some of the source image not being written to the target image, or possibly to a segmentation fault.
"invalid next size" backtrace on use of trim on certain images
Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference.
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661
- http://rt.cpan.org/Public/Bug/Display.html?id=18397
- http://secunia.com/advisories/19575
- http://secunia.com/advisories/19577
- http://www.debian.org/security/2006/dsa-1028
- http://www.securityfocus.com/bid/17415
- http://www.vupen.com/english/advisories/2006/1294
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25717
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=359661
- http://rt.cpan.org/Public/Bug/Display.html?id=18397
- http://secunia.com/advisories/19575
- http://secunia.com/advisories/19577
- http://www.debian.org/security/2006/dsa-1028
- http://www.securityfocus.com/bid/17415
- http://www.vupen.com/english/advisories/2006/1294
- https://exchange.xforce.ibmcloud.com/vulnerabilities/25717
Imager versions through 1.030 for Perl allow a heap out of bounds (OOB) write on crafted multi-frame GIF files. Imager::File::GIF's i_readgif_multi_low allocates a single per-row buffer GifRow sized for the GIF's global screen width 'SWidth' and reuses it across every image in the file. The page-match branch validates Image.Width + Image.Left > SWidth before each DGifGetLine write, but the parallel skip-image branch at imgif.c:790-805 calls DGifGetLine(GifFile, GifRow, Width) with no such check.
NAME
Imager::Regops - generated information about the register based VM
SYNOPSIS
use Imager::Regops;
$Imager::Regops::Attr{$opname}->{opcode} # opcode for given operator
$Imager::Regops::Attr{$opname}->{parms} # number of parameters
$Imager::Regops::Attr{$opname}->{types} # types of parameters
$Imager::Regops::Attr{$opname}->{func} # operator is a function
$Imager::Regops::Attr{$opname}->{result} # r for numeric, p for pixel result
$Imager::Regops::MaxOperands; # maximum number of operandsDESCRIPTION
This module is generated automatically from regmach.h so we don't need to maintain the same information in at least one extra place.
At least that's the idea.
AUTHOR
Tony Cook, tony@develop-help.com
SEE ALSO
perl(1), Imager(3), http://www.eecs.umich.edu/~addi/perl/Imager/
Module Install Instructions
To install Imager, copy and paste the appropriate command in to your terminal.
cpanm Imagerperl -MCPAN -e shell
install ImagerFor more information on module installation, please visit the detailed CPAN module installation guide.