In association with heise online

02 June 2008, 10:13

Vulnerabilities in imlib2 open source graphics library

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Security services provider Secunia has reported that two bugs in the imlib2 1.4.0 open source graphics library can be exploited using crafted images to inject and execute malicious code. All applications which make use of imlib2 for image processing are affected. Applications that use imlib2 include GNOME, the open source desktop and Enlightenment, the window manager.

A boundary error in the load function in loader_pnm.c can lead to a stack buffer overflow when processing PNM format image headers. A boundary error in the loader_xpm.c function can lead to a stack buffer overflow when processing XPM images. Both buffer overflows can be exploited to inject and execute arbitrary code.

Versions prior to 1.4.0 are also likely to be affected. According to the report, the bug is fixed in the library's CVS and distributors should be releasing updated packages shortly.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit