oss-sec mailing list archives
Re: CVE Request: imlib2
From: Pınar Yanardağ <pinar () pardus org tr>
Date: Fri, 21 Nov 2008 12:06:52 +0200
On 11/21/2008 03:35 AM Steven M. Christey wrote:
SECUNIA:32796 suggests a Debian bug report, but I couldn't quickly find it.
It seems they've added the reference today:

-----
*Changelog*:
2008-11-21: Added link to "Original Advisory" section.

*Original Advisory*:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505714
----
======================================================
Name: CVE-2008-5187
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5187
Reference: MLIST:[oss-security] 20081120 CVE Request: imlib2
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/20/5
Reference: SECUNIA:32796
Reference: URL:http://secunia.com/advisories/32796

The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
--
Pınar Yanardağ (a.k.a PINguAR)
http://pinguar.org
_____________________________
Pardus Security Team
http://security.pardus.org.tr