Vulnerabilities in imlib2 open source graphics library
Security services provider Secunia has reported that two bugs in the imlib2 1.4.0 open source graphics library can be exploited using crafted images to inject and execute malicious code. All applications which make use of imlib2 for image processing are affected. Applications that use imlib2 include GNOME, the open source desktop and Enlightenment, the window manager.
A boundary error in the load
function in loader_pnm.c
can lead to a stack buffer overflow when processing PNM format image headers. A boundary error in the loader_xpm.c
function can lead to a stack buffer overflow when processing XPM images. Both buffer overflows can be exploited to inject and execute arbitrary code.
Versions prior to 1.4.0 are also likely to be affected. According to the report, the bug is fixed in the library's CVS and distributors should be releasing updated packages shortly.
See also:
- imlib2 PNM and XPM Buffer Overflows, security advisory from Secunia
(mba)