FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

imlib2 -- BMP decoder buffer overflow

Affected packages
imlib2 <= 1.1.1

Details

VuXML ID ba005226-fb5b-11d8-9837-000c41e2cdad
Discovery 2004-08-31
Entry 2004-08-31

Marcus Meissner discovered that imlib2's BMP decoder would crash when loading the test BMP file created by Chris Evans for testing the previous Qt vulnerability. There appears to be both a stack-based and a heap-based buffer overflow that are believed to be exploitable for arbitrary code execution.

References

CVE Name CVE-2004-0802
URL http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/libs/imlib2/ChangeLog?rev=1.20&view=markup