Package: libimlib2 Severity: grave Tags: security patch Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for libimlib2.
CVE-2008-2426[0]: | Secunia Research has discovered two vulnerabilities in imlib2, which | can be exploited by malicious people to cause a DoS (Denial of | Service) or compromise an application using the library. | | 1) A boundary error exists within the "load()" function in | src/modules/loaders/loader_pnm.c when processing the header of a | PNM image file. This can be exploited to cause a stack-based buffer | overflow by e.g. tricking a user into opening a specially crafted | PNM image in an application using the imlib2 library. | | Successful exploitation allows execution of arbitrary code. | | 2) A boundary error exists within the "load()" function in | src/modules/loader_xpm.c when processing an XPM image file. This can | be exploited to cause a stack-based buffer overflow by e.g. tricking | a user into opening a specially crafted XPM image with an application | using the imlib2 library. Patches: https://bugzilla.redhat.com/attachment.cgi?id=307178 https://bugzilla.redhat.com/attachment.cgi?id=307177 If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2426 http://security-tracker.debian.net/tracker/CVE-2008-2426 -- Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.
pgpOkWITgMMMk.pgp
Description: PGP signature
