The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426.

A security problem was fixed in imlib2 where loading a specific XPM file could corrupt memory. (CVE-2008-5187)

A vulnerability have been discovered in the load function of the XPM loader for imlib2, which allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file (CVE-2008-5187).

The updated packages have been patched to prevent this.

It was discovered that Imlib2 did not correctly handle certain malformed XPM images. If a user were tricked into opening a specially crafted image with an application that uses Imlib2, an attacker could cause a denial of service and possibly execute arbitrary code with the user's privileges.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- Sun Nov 23 2008 Tomas Smetana <tsmetana at redhat.com>     1.4.2-2

    - patch for CVE-2008-5187

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-200812-23 (Imlib2: User-assisted execution of arbitrary code)

    Julien Danjou reported a pointer arithmetic error and a heap-based     buffer overflow within the load() function of the XPM image loader.
  Impact :

    A remote attacker could entice a user to process a specially crafted     XPM image, possibly resulting in the remote execution of arbitrary code     with the privileges of the user running the application, or a Denial of     Service.
  Workaround :

    There is no known workaround at this time.

Julien Danjou and Peter De Wachter discovered that a buffer overflow in the XPM loader of Imlib2, a powerful image loading and rendering library, might lead to arbitrary code execution.

- Sun Nov 23 2008 Tomas Smetana <tsmetana at redhat.com>     1.4.2-2

    - patch for CVE-2008-5187

    - Thu Oct 23 2008 Tomas Smetana <tsmetana at redhat.com>       1.4.2-1

    - new upstream version

    - Fri May 30 2008 Tomas Smetana <tsmetana at redhat.com>       1.4.0-7

    - patch for CVE-2008-2426

    - Tue Mar 11 2008 Hans de Goede <j.w.r.degoede at       hhs.nl> 1.4.0-6

    - Disable amd64 assembly optimization. (Kills idesk -       #222998, #436924)

    - Tue Feb 19 2008 Fedora Release Engineering <rel-eng at       fedoraproject.org> - 1.4.0-5

    - Autorebuild for GCC 4.3

    - Tue Oct 23 2007 Hans de Goede <j.w.r.degoede at       hhs.nl> 1.4.0-4

    - Fix building on ia64 (bz 349171)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

- Sun Nov 23 2008 Tomas Smetana <tsmetana at redhat.com>     1.4.2-2

    - patch for CVE-2008-5187

    - Thu Oct 23 2008 Tomas Smetana <tsmetana at redhat.com>       1.4.2-1

    - new upstream version

    - Fri May 30 2008 Tomas Smetana <tsmetana at redhat.com>       1.4.0-7

    - patch for CVE-2008-2426

    - Tue Mar 11 2008 Hans de Goede <j.w.r.degoede at       hhs.nl> 1.4.0-6

    - Disable amd64 assembly optimization. (Kills idesk -       #222998, #436924)

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Secunia reports :

A vulnerability has been discovered in imlib2, which can be exploited by malicious people to potentially compromise an application using the library.

The vulnerability is caused due to a pointer arithmetic error within the 'load()' function provided by the XPM loader. This can be exploited to cause a heap-based buffer overflow via a specially crafted XPM file.

Successful exploitation may allow execution of arbitrary code.

ID	Name	Product	Family	Severity
51749	SuSE 10 Security Update : imlib2 (ZYPP Patch Number 5832)	Nessus	SuSE Local Security Checks	high
39989	openSUSE Security Update : imlib2 (imlib2-318)	Nessus	SuSE Local Security Checks	high
37585	Mandriva Linux Security Advisory : imlib2 (MDVSA-2009:019)	Nessus	Mandriva Local Security Checks	high
36374	Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : imlib2 vulnerability (USN-683-1)	Nessus	Ubuntu Local Security Checks	high
36311	Fedora 10 : imlib2-1.4.2-2.fc10 (2008-10364)	Nessus	Fedora Local Security Checks	high
35270	GLSA-200812-23 : Imlib2: User-assisted execution of arbitrary code	Nessus	Gentoo Local Security Checks	high
35005	openSUSE 10 Security Update : imlib2 (imlib2-5804)	Nessus	SuSE Local Security Checks	high
34973	Debian DSA-1672-1 : imlib2 - buffer overflow	Nessus	Debian Local Security Checks	high
34966	Fedora 8 : imlib2-1.4.2-2.fc8 (2008-10296)	Nessus	Fedora Local Security Checks	high
34965	Fedora 9 : imlib2-1.4.2-2.fc9 (2008-10287)	Nessus	Fedora Local Security Checks	high
34951	FreeBSD : imlib2 -- XPM processing buffer overflow vulnerability (910486d5-ba4d-11dd-8f23-0019666436c2)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2008-5187

high

Tenable Plugins

high

high

high

high

high

high

high

high

high

high

high