In association with heise online

6 November 2006, 15:53

Code smuggling through imlib2

The imlib2 graphic library fails to validate whether graphic files in several different image formats actually contain valid data. This could allow attackers to execute arbitrary programs with the user's rights if the user opens the files with software that relies upon imlib2.

The flaw affects the processing routines for the ARGB, JPG, LBM, PNG, PNM, TGA and TIFF image formats in the library, which is part of the Enlightenment Desktop. These routines are not used in desktop applications, however, but rather by scripting languages such as Perl, Ruby or PHP for the server-side processing of images.

The Ubuntu security advisory declined to provide details. No official patches have been released as yet. The Linux distributors will over time release updated packages with the error corrected.

(ehe)
