Code smuggling through imlib2
The imlib2 graphic library fails to validate whether graphic files in several different image formats actually contain valid data. This could allow attackers to execute arbitrary programs with the user's rights if the user opens the files with software that relies upon imlib2.
The flaw affects the processing routines for the ARGB, JPG, LBM, PNG, PNM, TGA and TIFF image formats in the library, part of the Enlightenment Desktop. These are not used in desktop applications, however, but rather by script languages like Perl, Ruby or PHP for the server-side processing of images.
The Ubuntu security advisory declined to provide details. No official patches have been released as yet. The Linux distributors will over time release updated packages with the error corrected.
- imlib2 vulnerabilities, security advisory from Ubuntu