aMule Forum

Please login or register.

Login with username, password and session length
Advanced search  

News:

We're back! (IN POG FORM)

Author Topic: wxWidgets jpeg vulnerability  (Read 15070 times)

wuischke

  • Developer
  • Hero Member
  • *****
  • Karma: 183
  • Offline Offline
  • Posts: 4292
wxWidgets jpeg vulnerability
« on: September 19, 2009, 11:24:47 AM »

wxWidgets 2.8.10 is affected from a problem related to jpeg files (can cause crash and possible code execution):

http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-2369
http://trac.wxwidgets.org/ticket/10993 (includes links to 3 relevant changesets)

Thought I'd share since I'm getting reports anyway and maybe we'll see it affecting aMule, too. (We use this in wxCas and aMuleweb, anywhere else?)
Logged

Stu Redman

  • Administrator
  • Hero Member
  • *****
  • Karma: 214
  • Offline Offline
  • Posts: 3739
  • Engines screaming
Re: wxWidgets jpeg vulnerability
« Reply #1 on: September 19, 2009, 12:21:09 PM »

wxImage is tied to GUI and thus not used in amuleweb. That's why the strange PNGlib is used.  :(
Logged
The image of mother goddess, lying dormant in the eyes of the dead, the sheaf of the corn is broken, end the harvest, throw the dead on the pyre -- Iron Maiden, Isle of Avalon

Kry

  • Ex-developer
  • Retired admin
  • Hero Member
  • *****
  • Karma: -665
  • Offline Offline
  • Posts: 5795
Re: wxWidgets jpeg vulnerability
« Reply #2 on: September 19, 2009, 08:42:16 PM »

All our images are generated by the program, so I think we're safe.


If we did in-app preview or had a browser, it would be different.
Logged