In association with heise online

06 November 2006, 14:53

Code smuggling through imlib2

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

The imlib2 graphic library fails to validate whether graphic files in several different image formats actually contain valid data. This could allow attackers to execute arbitrary programs with the user's rights if the user opens the files with software that relies upon imlib2.

The flaw affects the processing routines for the ARGB, JPG, LBM, PNG, PNM, TGA and TIFF image formats in the library, part of the Enlightenment Desktop. These are not used in desktop applications, however, but rather by script languages like Perl, Ruby or PHP for the server-side processing of images.

The Ubuntu security advisory declined to provide details. No official patches have been released as yet. The Linux distributors will over time release updated packages with the error corrected.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit