oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE Request: imlib2

From: Pınar Yanardağ <pinar () pardus org tr>
Date: Fri, 21 Nov 2008 12:06:52 +0200
On 11/21/2008 03:35 AM Steven M. Christey wrote:

SECUNIA:32796 suggests a Debian bug report, but I couldn't quickly find
it.



It seems they've added the reference today:

-----
*Changelog*:
2008-11-21: Added link to "Original Advisory" section.

*Original Advisory*:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505714

----




======================================================
Name: CVE-2008-5187
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5187
Reference: MLIST:[oss-security] 20081120 CVE Request: imlib2
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/20/5
Reference: SECUNIA:32796
Reference: URL:http://secunia.com/advisories/32796

The load function in the XPM loader for imlib2 1.4.2, and possibly
other versions, allows attackers to execute arbitrary code via a
crafted XPM file that triggers a "pointer arithmetic error" and a
heap-based buffer overflow, a different vulnerability than
CVE-2008-2426.  NOTE: the provenance of this information is unknown;
the details are obtained solely from third party information.






--
Pınar Yanardağ (a.k.a PINguAR)
http://pinguar.org
_____________________________

Pardus Security Team
http://security.pardus.org.tr
Previous By Date Next
Previous By Thread Next

Current thread: