ID CVE-2002-0167Type cveReporter cve@mitre.orgModified 2008-09-11T00:00:00
Description
Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain weaknesses of NetPBM.
{"id": "CVE-2002-0167", "bulletinFamily": "NVD", "title": "CVE-2002-0167", "description": "Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain weaknesses of NetPBM.", "published": "2002-04-22T04:00:00", "modified": "2008-09-11T00:00:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2002-0167", "reporter": "cve@mitre.org", "references": ["http://www.securityfocus.com/bid/4339", "http://www.novell.com/linux/security/advisories/2002_015_imlib_txt.html", "http://www.redhat.com/support/errata/RHSA-2002-048.html", "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-029.php", "http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470", "ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-019.0.txt"], "cvelist": ["CVE-2002-0167"], "type": "cve", "lastseen": "2019-05-29T18:07:38", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "68f3af9af115f81873ee399cdf3e8db1"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "0eae82ed793a002e80ac560606320481"}, {"key": "cpe23", "hash": "b9b7af21321420a27a4164563355016b"}, {"key": "cvelist", "hash": "9340bb5a8211f839605aa4b3d6ed06f6"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "7f7c77d2dde7216a66d00321bd5828f8"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "78a7a5cbaf09985c14389298e454e7db"}, {"key": "description", "hash": "ffae36fb4836acbd38b61e7df3632aa4"}, {"key": "href", "hash": "7e8687e3f9a30688010575a88808304c"}, {"key": "modified", "hash": "d17b7d14a845afe0e8cc2301daf06bb9"}, {"key": "published", "hash": "3c84aa1cff9c0d627b3856c02ce2996e"}, {"key": "references", "hash": "78071d948fc02d31d3fc934edda59fcf"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "9a8b55667d3ebc53488f6c1f8a4aa9ab"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "7852c610262b45bacfcb88081071a4e86a3d6483b42404c91930157a18b20e13", "viewCount": 0, "enchantments": {"dependencies": {"references": [{"type": "osvdb", "idList": ["OSVDB:2057"]}, {"type": "nessus", "idList": ["MANDRAKE_MDKSA-2002-029.NASL"]}, {"type": "suse", "idList": ["SUSE-SA:2002:015"]}], "modified": "2019-05-29T18:07:38"}, "score": {"value": 6.2, "vector": "NONE", "modified": "2019-05-29T18:07:38"}, "vulnersScore": 6.2}, "objectVersion": "1.3", "cpe": ["cpe:/a:enlightenment:imlib:1.9.5", "cpe:/a:enlightenment:imlib:1.9", "cpe:/a:enlightenment:imlib:1.9.4", "cpe:/a:enlightenment:imlib:1.9.10", "cpe:/a:enlightenment:imlib:1.9.11", "cpe:/a:enlightenment:imlib:1.9.1", "cpe:/a:enlightenment:imlib:1.9.8", "cpe:/a:enlightenment:imlib:1.9.12", "cpe:/a:enlightenment:imlib:1.9.7", "cpe:/a:enlightenment:imlib:1.9.6", "cpe:/a:enlightenment:imlib:1.9.3", "cpe:/a:enlightenment:imlib:1.9.2", "cpe:/a:enlightenment:imlib:1.9.9"], "affectedSoftware": [{"name": "enlightenment imlib", "operator": "eq", "version": "1.9.4"}, {"name": "enlightenment imlib", "operator": "eq", "version": "1.9.3"}, {"name": "enlightenment imlib", "operator": "eq", "version": "1.9.12"}, {"name": "enlightenment imlib", "operator": "eq", "version": "1.9.9"}, {"name": "enlightenment imlib", "operator": "eq", "version": "1.9"}, {"name": "enlightenment imlib", "operator": "eq", "version": "1.9.5"}, {"name": "enlightenment imlib", "operator": "eq", "version": "1.9.2"}, {"name": "enlightenment imlib", "operator": "eq", "version": "1.9.10"}, {"name": "enlightenment imlib", "operator": "eq", "version": "1.9.7"}, {"name": "enlightenment imlib", "operator": "eq", "version": "1.9.11"}, {"name": "enlightenment imlib", "operator": "eq", "version": "1.9.8"}, {"name": "enlightenment imlib", "operator": "eq", "version": "1.9.1"}, {"name": "enlightenment imlib", "operator": "eq", "version": "1.9.6"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:enlightenment:imlib:1.9.9:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib:1.9.12:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib:1.9.1:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib:1.9.7:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib:1.9.11:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib:1.9.3:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib:1.9.5:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib:1.9.6:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib:1.9:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib:1.9.4:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib:1.9.10:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib:1.9.8:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib:1.9.2:*:*:*:*:*:*:*"], "cwe": ["NVD-CWE-Other"]}
{"osvdb": [{"lastseen": "2017-04-28T13:19:56", "bulletinFamily": "software", "description": "# No description provided by the source\n\n## References:\n[CVE-2002-0167](https://vulners.com/cve/CVE-2002-0167)\nBugtraq ID: 4339\n", "modified": "2002-03-21T00:00:00", "published": "2002-03-21T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:2057", "id": "OSVDB:2057", "type": "osvdb", "title": "imlib NetPBM Dependancy Trusted Image Loading Weakness", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "nessus": [{"lastseen": "2019-11-01T02:54:54", "bulletinFamily": "scanner", "description": "Previous versions of imlib, prior to 1.9.13, would fall back to the\nNetPBM library which is not suitable for loading untrusted images due\nto various problem in it", "modified": "2019-11-02T00:00:00", "id": "MANDRAKE_MDKSA-2002-029.NASL", "href": "https://www.tenable.com/plugins/nessus/13936", "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : imlib (MDKSA-2002:029)", "type": "nessus", "sourceData": "#%NASL_MIN_LEVEL 80502\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2002:029. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(13936);\n script_version (\"1.15\");\n script_cvs_date(\"Date: 2019/08/02 13:32:46\");\n\n script_cve_id(\"CVE-2002-0167\", \"CVE-2002-0168\");\n script_bugtraq_id(4336, 4339);\n script_xref(name:\"MDKSA\", value:\"2002:029\");\n\n script_name(english:\"Mandrake Linux Security Advisory : imlib (MDKSA-2002:029)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Previous versions of imlib, prior to 1.9.13, would fall back to the\nNetPBM library which is not suitable for loading untrusted images due\nto various problem in it's code. The new imlib also fixes some\nproblems with arguments passed to malloc(). These problems could allow\nattackers to construct images that could cause crashes or,\npotentially, the execution of arbitrary code when said images are\nloaded by a viewer that uses imlib.\n\nThanks to Alan Cox and Al Viro for discovering the problems.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imlib\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imlib-cfgeditor\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imlib-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libimlib1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libimlib1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:7.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:8.2\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2002/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK7.1\", cpu:\"i386\", reference:\"imlib-1.9.13-2.5mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.1\", cpu:\"i386\", reference:\"imlib-cfgeditor-1.9.13-2.5mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.1\", cpu:\"i386\", reference:\"imlib-devel-1.9.13-2.5mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"imlib-1.9.13-2.4mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"imlib-cfgeditor-1.9.13-2.4mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK7.2\", cpu:\"i386\", reference:\"imlib-devel-1.9.13-2.4mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"imlib-1.9.13-2.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"imlib-cfgeditor-1.9.13-2.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"libimlib1-1.9.13-2.3mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.0\", cpu:\"i386\", reference:\"libimlib1-devel-1.9.13-2.3mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"imlib-1.9.13-2.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"imlib-cfgeditor-1.9.13-2.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"libimlib1-1.9.13-2.2mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.1\", cpu:\"i386\", reference:\"libimlib1-devel-1.9.13-2.2mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"imlib-1.9.13-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"imlib-cfgeditor-1.9.13-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"libimlib1-1.9.13-2.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK8.2\", cpu:\"i386\", reference:\"libimlib1-devel-1.9.13-2.1mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "suse": [{"lastseen": "2016-09-04T12:25:25", "bulletinFamily": "unix", "description": "The imlib library can be used by X11 applications to handle various kinds of image data.", "modified": "2002-05-07T12:06:17", "published": "2002-05-07T12:06:17", "id": "SUSE-SA:2002:015", "href": "http://lists.opensuse.org/opensuse-security-announce/2002-05/msg00006.html", "type": "suse", "title": "remote privilege escalation in imlib", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
