FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

imlib2 -- BMP decoder buffer overflow

Affected packages
imlib2 <= 1.1.1


VuXML ID ba005226-fb5b-11d8-9837-000c41e2cdad
Discovery 2004-08-31
Entry 2004-08-31

Marcus Meissner discovered that imlib2's BMP decoder would crash when loading the test BMP file created by Chris Evans for testing the previous Qt vulnerability. There appears to be both a stack-based and a heap-based buffer overflow that are believed to be exploitable for arbitrary code execution.


CVE Name CVE-2004-0802