imlib2 -- XPM processing buffer overflow vulnerability

2008-11-20T00:00:00
ID 910486D5-BA4D-11DD-8F23-0019666436C2
Type freebsd
Reporter FreeBSD
Modified 2008-11-20T00:00:00

Description

Secunia reports:

A vulnerability has been discovered in imlib2, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to a pointer arithmetic error within the "load()" function provided by the XPM loader. This can be exploited to cause a heap-based buffer overflow via a specially crafted XPM file. Successful exploitation may allow execution of arbitrary code.