FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

imlib2 -- XPM processing buffer overflow vulnerability

Affected packages
imlib2 <,2
imlib2-nox11 <,2


VuXML ID: 910486d5-ba4d-11dd-8f23-0019666436c2
Discovery: 2008-11-20
Entry: 2008-11-24

Secunia reports:

A vulnerability has been discovered in imlib2, which can be exploited by malicious people to potentially compromise an application using the library.

The vulnerability is caused due to a pointer arithmetic error within the "load()" function provided by the XPM loader. This can be exploited to cause a heap-based buffer overflow via a specially crafted XPM file.

Successful exploitation may allow execution of arbitrary code.


Bugtraq ID: 32371
CVE Name: CVE-2008-5187