PT-2010-1149 · Mono · Libgdiplus

Published: 2010-08-24 · Updated: 2014-01-05 · CVE-2010-1526

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

libgdiplus versions prior to 2.6.7

Description

Multiple integer overflows in libgdiplus allow attackers to execute arbitrary code through crafted image files, including TIFF, JPEG, and BMP files. The overflows occur in the functions gdip_load_tiff_image in tiffcodec.c, gdip_load_jpeg_image_internal in jpegcodec.c, and gdip_read_bmp_image in bmpcodec.c, and lead to heap-based buffer overflows. The vulnerability can be exploited remotely and may lead to a breach of confidentiality, integrity, and availability of protected information.

Recommendations

For libgdiplus versions prior to 2.6.7, update to version 2.6.7 or later to resolve the issue. As a temporary workaround, consider restricting the use of libgdiplus for handling TIFF, JPEG, and BMP files until a patch is applied. Avoid using the gdip_load_tiff_image, gdip_load_jpeg_image_internal, and gdip_read_bmp_image functions in the affected codec files (tiffcodec.c, jpegcodec.c, and bmpcodec.c) to minimize the risk of exploitation.
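
The bug class named in the description (an integer overflow in an image decoder's size computation that ends in an undersized heap allocation) can be seen in the added example below, which sets an unchecked 32-bit size calculation beside a checked one. It is not libgdiplus code: the function names, the MAX_PIXEL_BYTES limit and the header values are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy limit for this example; not a libgdiplus constant. */
#define MAX_PIXEL_BYTES ((size_t)1 << 30)

/* Unchecked pattern: 32-bit arithmetic on header fields taken from the file.
 * bytes_pp is bytes per pixel. The product wraps modulo 2^32, so the result
 * can be far smaller than the number of bytes a decoder would go on to write. */
uint32_t unchecked_pixel_bytes(uint32_t width, uint32_t height, uint32_t bytes_pp)
{
    return width * height * bytes_pp;
}

/* Checked form: 0 on success with the size in *out, -1 if a field is zero
 * or the product would exceed MAX_PIXEL_BYTES. Each multiplication is
 * guarded by a division first, so no intermediate value can wrap. */
int checked_pixel_bytes(uint32_t width, uint32_t height, uint32_t bytes_pp,
                        size_t *out)
{
    if (width == 0 || height == 0 || bytes_pp == 0)
        return -1;
    if (width > MAX_PIXEL_BYTES / bytes_pp)
        return -1;
    size_t stride = (size_t)width * bytes_pp;
    if (height > MAX_PIXEL_BYTES / stride)
        return -1;
    *out = stride * height;
    return 0;
}

/* Allocate pixel storage only after the size has been validated. */
void *alloc_pixels(uint32_t width, uint32_t height, uint32_t bytes_pp, size_t *size)
{
    if (checked_pixel_bytes(width, height, bytes_pp, size) != 0)
        return NULL;
    return malloc(*size);
}

int main(void)
{
    /* Constructed header values: 0x40000001 pixels wide, 1 row, 4 bytes per pixel. */
    size_t n = 0;
    printf("unchecked: %u bytes\n", (unsigned)unchecked_pixel_bytes(0x40000001u, 1, 4));
    printf("checked:   %d\n", checked_pixel_bytes(0x40000001u, 1, 4, &n));
    return 0;
}
```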

Fix

Weakness Enumeration

Related identifiers

BDU:2015-09692
CVE-2010-1526

Affected products

Libgdiplus