FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

imlib -- xpm heap buffer overflows and integer overflows

Affected packages
imlib < 1.9.15_2
imlib2 < 1.1.2_1

Details

VuXML ID 2001103a-6bbd-11d9-851d-000a95bc6fae
Discovery 2004-12-06
Entry 2005-01-21

Pavel Kankovsky reports:

Imlib affected by a variant of CAN-2004-0782 too.

I've discovered more vulnerabilities in Imlib (1.9.13). In particular, it appears to be affected by a variant of Chris Evans' libXpm flaw #1 (CAN-2004-0782, see http://scary.beasts.org/security/CESA-2004-003.txt). Look at the attached image; it kills ee on my 7.3.

The flaws also affect imlib2.

References

Bugtraq ID 11830
CVE Name CVE-2004-1025
CVE Name CVE-2004-1026
URL http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/libs/imlib2/src/modules/loaders/loader_xpm.c#rev1.3
URL https://bugzilla.fedora.us/show_bug.cgi?id=2051#c11
URL https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=138516