imlib -- xpm heap buffer overflows and integer overflows

2004-12-06T00:00:00
ID 2001103A-6BBD-11D9-851D-000A95BC6FAE
Type freebsd
Reporter FreeBSD
Modified 2004-12-06T00:00:00

Description

Pavel Kankovsky reports:

Imlib affected by a variant of CAN-2004-0782 too.

I've discovered more vulnerabilities in Imlib (1.9.13). In particular, it appears to be affected by a variant of Chris Evans' libXpm flaw #1 (CAN-2004-0782, see http://scary.beasts.org/security/CESA-2004-003.txt). Look at the attached image, it kills ee on my 7.3.

The flaws also affect imlib2.