oss-sec mailing list archives

CVE Request: imlib2

From: Pınar Yanardağ <pinar () pardus org tr>
Date: Thu, 20 Nov 2008 15:02:04 +0200

From Secunia [1]

----
*Description*:

A vulnerability has been discovered in imlib2, which can be exploited bymalicious people to potentially compromise an application using the library.

The vulnerability is caused due to a pointer arithmetic error within the"load()" function provided by the XPM loader. This can be exploited tocause a heap-based buffer overflow via a specially crafted XPM file.


Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 1.4.2. Other versions may alsobe affected.

----

[1]: http://secunia.com/Advisories/32796

Can you assign a CVE please?

Cheers,

--
Pınar Yanardağ (a.k.a PINguAR)
http://pinguar.org
_____________________________

Pardus Security Team
http://security.pardus.org.tr

Current thread:

CVE Request: imlib2 Pınar Yanardağ (Nov 20)
- Re: CVE Request: imlib2 Nico Golde (Nov 20)
  - Re: CVE Request: imlib2 Steven M. Christey (Nov 20)
- Re: CVE Request: imlib2 Steven M. Christey (Nov 20)
  - Re: CVE Request: imlib2 Pınar Yanardağ (Nov 21)