FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

imlib2 -- XPM processing buffer overflow vulnerability

Affected packages
imlib2 < 1.4.1.000_1,2
imlib2-nox11 < 1.4.1.000_1,2

Details

VuXML ID 910486d5-ba4d-11dd-8f23-0019666436c2
Discovery 2008-11-20
Entry 2008-11-24

Secunia reports:

A vulnerability has been discovered in imlib2, which can be exploited by malicious people to potentially compromise an application using the library.

The vulnerability is caused due to a pointer arithmetic error within the "load()" function provided by the XPM loader. This can be exploited to cause a heap-based buffer overflow via a specially crafted XPM file.

Successful exploitation may allow execution of arbitrary code.

[source]

References

Bugtraq ID 32371
CVE Name CVE-2008-5187
URL http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505714#15
URL http://bugzilla.enlightenment.org/show_bug.cgi?id=547
URL http://secunia.com/Advisories/32796/

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.