oss-sec mailing list archives
Re: CVE Request: imlib2
From: "Steven M. Christey" <coley () linus mitre org>
Date: Thu, 20 Nov 2008 20:35:31 -0500 (EST)
SECUNIA:32796 suggests a Debian bug report, but I couldn't quickly find it. ====================================================== Name: CVE-2008-5187 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5187 Reference: MLIST:[oss-security] 20081120 CVE Request: imlib2 Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/20/5 Reference: SECUNIA:32796 Reference: URL:http://secunia.com/advisories/32796 The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Current thread:
- CVE Request: imlib2 Pınar Yanardağ (Nov 20)
- Re: CVE Request: imlib2 Nico Golde (Nov 20)
- Re: CVE Request: imlib2 Steven M. Christey (Nov 20)
- Re: CVE Request: imlib2 Steven M. Christey (Nov 20)
- Re: CVE Request: imlib2 Pınar Yanardağ (Nov 21)
- Re: CVE Request: imlib2 Nico Golde (Nov 20)