{"id": "UBUNTU_USN-376-1.NASL", "bulletinFamily": "scanner", "title": "Ubuntu 5.10 / 6.06 LTS / 6.10 : imlib2 vulnerabilities (USN-376-1)", "description": "M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify\nthe validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a\nuser were tricked into viewing or processing a specially crafted image\nwith an application that uses imlib2, the flaws could be exploited to\nexecute arbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2007-11-10T00:00:00", "modified": "2021-01-02T00:00:00", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/27957", "reporter": "Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://usn.ubuntu.com/376-1/"], "cvelist": ["CVE-2006-4807", "CVE-2006-4809", "CVE-2006-4806", "CVE-2006-4808"], "type": "nessus", "lastseen": "2021-01-01T06:49:15", "edition": 25, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-4808", "CVE-2006-4806", "CVE-2006-4807", "CVE-2006-4809"]}, {"type": "ubuntu", "idList": ["USN-376-1", "USN-376-2"]}, {"type": "gentoo", "idList": ["GLSA-200612-20"]}, {"type": "openvas", "idList": ["OPENVAS:57559", "OPENVAS:57959"]}, {"type": "freebsd", "idList": ["92442C4B-6F4A-11DB-BD28-0012F06707F0"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:14922"]}, {"type": "nessus", "idList": ["SUSE_IMLIB2-LOADERS-2261.NASL", "MANDRAKE_MDKSA-2006-198.NASL", "SUSE_IMLIB2-LOADERS-2265.NASL", "FREEBSD_PKG_92442C4B6F4A11DBBD280012F06707F0.NASL", "MANDRAKE_MDKSA-2007-156.NASL", "GENTOO_GLSA-200612-20.NASL", "FEDORA_EXTRAS_2006-004.NASL", "SUSE_IMLIB2-LOADERS-2245.NASL", "SUSE_IMLIB2-LOADERS-2244.NASL"]}, {"type": "osvdb", "idList": ["OSVDB:30109", "OSVDB:30104", "OSVDB:30102", "OSVDB:30108", "OSVDB:30107", "OSVDB:30105", "OSVDB:30106", "OSVDB:30103"]}], "modified": "2021-01-01T06:49:15", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-01-01T06:49:15", "rev": 2}, "vulnersScore": 6.4}, "sourceData": "#%NASL_MIN_LEVEL 80502\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-376-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(27957);\n script_version(\"1.14\");\n script_cvs_date(\"Date: 2019/08/02 13:33:01\");\n\n script_cve_id(\"CVE-2006-4806\", \"CVE-2006-4807\", \"CVE-2006-4808\", \"CVE-2006-4809\");\n script_xref(name:\"USN\", value:\"376-1\");\n\n script_name(english:\"Ubuntu 5.10 / 6.06 LTS / 6.10 : imlib2 vulnerabilities (USN-376-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify\nthe validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a\nuser were tricked into viewing or processing a specially crafted image\nwith an application that uses imlib2, the flaws could be exploited to\nexecute arbitrary code with the user's privileges.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/376-1/\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected libimlib2 and / or libimlib2-dev packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libimlib2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libimlib2-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:5.10\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.06:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:6.10\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/11/10\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2007-2019 Canonical, Inc. / NASL script (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! ereg(pattern:\"^(5\\.10|6\\.06|6\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 5.10 / 6.06 / 6.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libimlib2\", pkgver:\"1.2.0-2.2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"5.10\", pkgname:\"libimlib2-dev\", pkgver:\"1.2.0-2.2ubuntu2.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libimlib2\", pkgver:\"1.2.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.06\", pkgname:\"libimlib2-dev\", pkgver:\"1.2.1-2ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libimlib2\", pkgver:\"1.2.1-2ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"6.10\", pkgname:\"libimlib2-dev\", pkgver:\"1.2.1-2ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libimlib2 / libimlib2-dev\");\n}\n", "naslFamily": "Ubuntu Local Security Checks", "pluginID": "27957", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libimlib2-dev", "cpe:/o:canonical:ubuntu_linux:6.10", "p-cpe:/a:canonical:ubuntu_linux:libimlib2", "cpe:/o:canonical:ubuntu_linux:5.10", "cpe:/o:canonical:ubuntu_linux:6.06:-:lts"], "scheme": null}

{"ubuntu": [{"lastseen": "2020-07-08T23:41:25", "bulletinFamily": "unix", "cvelist": ["CVE-2006-4807", "CVE-2006-4809", "CVE-2006-4806", "CVE-2006-4808"], "description": "USN-376-1 provided an update to imlib2 to fix several security \nvulnerabilities. Unfortunately the update broke JPG file handling in \ncertain situations. This update corrects this problem. We apologize \nfor the inconvenience.", "edition": 16, "modified": "2006-11-06T00:00:00", "published": "2006-11-06T00:00:00", "id": "USN-376-2", "href": "https://ubuntu.com/security/notices/USN-376-2", "title": "imlib2 regression fix", "type": "ubuntu", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-09T00:33:16", "bulletinFamily": "unix", "cvelist": ["CVE-2006-4807", "CVE-2006-4809", "CVE-2006-4806", "CVE-2006-4808"], "description": "M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the \nvalidity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user \nwere tricked into viewing or processing a specially crafted image with \nan application that uses imlib2, the flaws could be exploited to execute \narbitrary code with the user's privileges.", "edition": 6, "modified": "2006-11-03T00:00:00", "published": "2006-11-03T00:00:00", "id": "USN-376-1", "href": "https://ubuntu.com/security/notices/USN-376-1", "title": "imlib2 vulnerabilities", "type": "ubuntu", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "gentoo": [{"lastseen": "2016-09-06T19:46:08", "bulletinFamily": "unix", "cvelist": ["CVE-2006-4807", "CVE-2006-4809", "CVE-2006-4806", "CVE-2006-4808"], "description": "### Background\n\nimlib2 is an advanced replacement for image manipulation libraries such as libXpm. It is utilized by numerous programs, including gkrellm and several window managers, to display images. \n\n### Description\n\nM. Joonas Pihlaja discovered several buffer overflows in loader_argb.c, loader_png.c, loader_lbm.c, loader_jpeg.c, loader_tiff.c, loader_tga.c, loader_pnm.c and an out-of-bounds memory read access in loader_tga.c. \n\n### Impact\n\nAn attacker can entice a user to process a specially crafted JPG, ARGB, PNG, LBM, PNM, TIFF, or TGA image with an \"imlib2*\" binary or another application using the imlib2 libraries. Successful exploitation of the buffer overflows causes the execution of arbitrary code with the permissions of the user running the application. \n\n### Workaround\n\nThere is no known workaround at this time. \n\n### Resolution\n\nAll imlib2 users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=media-libs/imlib2-1.3.0\"", "edition": 1, "modified": "2006-12-20T00:00:00", "published": "2006-12-20T00:00:00", "id": "GLSA-200612-20", "href": "https://security.gentoo.org/glsa/200612-20", "type": "gentoo", "title": "imlib2: Multiple vulnerabilities", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:21", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4807", "CVE-2006-4809", "CVE-2006-4806", "CVE-2006-4808"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-21T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:57559", "href": "http://plugins.openvas.org/nasl.php?oid=57559", "type": "openvas", "title": "FreeBSD Ports: imlib2", "sourceData": "#\n#VID 92442c4b-6f4a-11db-bd28-0012f06707f0\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: imlib2\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\";\nif(description)\n{\n script_id(57559);\n script_version(\"$Revision: 4125 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-21 07:39:51 +0200 (Wed, 21 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_cve_id(\"CVE-2006-4806\", \"CVE-2006-4807\", \"CVE-2006-4808\", \"CVE-2006-4809\");\n script_bugtraq_id(20903);\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"FreeBSD Ports: imlib2\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"imlib2\");\nif(!isnull(bver) && revcomp(a:bver, b:\"20060926_1,1\")<0) {\n txt += 'Package imlib2 version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-07-24T12:50:04", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4807", "CVE-2006-4809", "CVE-2006-4806", "CVE-2006-4808"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200612-20.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:57959", "href": "http://plugins.openvas.org/nasl.php?oid=57959", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200612-20 (imlib2)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"imlib2 contains several vulnerabilities that could lead to the remote\nexecution of arbitrary code or a Denial of Service.\";\ntag_solution = \"All imlib2 users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/imlib2-1.3.0'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200612-20\nhttp://bugs.gentoo.org/show_bug.cgi?id=154216\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200612-20.\";\n\n \n\nif(description)\n{\n script_id(57959);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-4806\", \"CVE-2006-4807\", \"CVE-2006-4808\", \"CVE-2006-4809\");\n script_tag(name:\"cvss_base\", value:\"5.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_name(\"Gentoo Security Advisory GLSA 200612-20 (imlib2)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"media-libs/imlib2\", unaffected: make_list(\"ge 1.3.0\"), vulnerable: make_list(\"lt 1.3.0\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:20", "bulletinFamily": "software", "cvelist": ["CVE-2006-4807", "CVE-2006-4809", "CVE-2006-4806", "CVE-2006-4808"], "description": "=========================================================== \r\nUbuntu Security Notice USN-376-1 November 03, 2006\r\nimlib2 vulnerabilities\r\nCVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809\r\n===========================================================\r\n\r\nA security issue affects the following Ubuntu releases:\r\n\r\nUbuntu 5.10\r\nUbuntu 6.06 LTS\r\nUbuntu 6.10\r\n\r\nThis advisory also applies to the corresponding versions of\r\nKubuntu, Edubuntu, and Xubuntu.\r\n\r\nThe problem can be corrected by upgrading your system to the\r\nfollowing package versions:\r\n\r\nUbuntu 5.10:\r\n libimlib2 1.2.0-2.2ubuntu2.1\r\n\r\nUbuntu 6.06 LTS:\r\n libimlib2 1.2.1-2ubuntu0.1\r\n\r\nUbuntu 6.10:\r\n libimlib2 1.2.1-2ubuntu1.1\r\n\r\nIn general, a standard system upgrade is sufficient to effect the\r\nnecessary changes.\r\n\r\nDetails follow:\r\n\r\nM. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the \r\nvalidity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user \r\nwere tricked into viewing or processing a specially crafted image with \r\nan application that uses imlib2, the flaws could be exploited to execute \r\narbitrary code with the user&#39;s privileges.\r\n\r\n\r\nUpdated packages for Ubuntu 5.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.0-2.2ubuntu2.1.diff.gz\r\n Size/MD5: 100796 c82218d8d766d6c07313616ec4cf2869\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.0-2.2ubuntu2.1.dsc\r\n Size/MD5: 749 8077c827432795c90a5e5097574539e4\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.0.orig.tar.gz\r\n Size/MD5: 891164 dfc6d3cc270354af22ef9b5e3b312003\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.0-2.2ubuntu2.1_amd64.deb\r\n Size/MD5: 343188 a2c46b274c821dfa0f9ea479007a2260\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.0-2.2ubuntu2.1_amd64.deb\r\n Size/MD5: 206726 c5db59d4cbbc613fbe2a9033ea163231\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.0-2.2ubuntu2.1_i386.deb\r\n Size/MD5: 300514 c69d47be87992d1c60b7cb3c97c99295\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.0-2.2ubuntu2.1_i386.deb\r\n Size/MD5: 193200 2a07bef4498aec608729f855d629e792\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.0-2.2ubuntu2.1_powerpc.deb\r\n Size/MD5: 341252 65f5260ccaa1ec702e7023c566468c6e\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.0-2.2ubuntu2.1_powerpc.deb\r\n Size/MD5: 213304 1694fcb555e6ebd08e824ed4700353f8\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.0-2.2ubuntu2.1_sparc.deb\r\n Size/MD5: 320930 947d8ad96ed45db2a339f18e637dcf6f\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.0-2.2ubuntu2.1_sparc.deb\r\n Size/MD5: 197354 31eb4587fd3d1ed053249cdf69870b95\r\n\r\nUpdated packages for Ubuntu 6.06 LTS:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu0.1.diff.gz\r\n Size/MD5: 104822 b7b83481b45c6649393bf5f335b927e9\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu0.1.dsc\r\n Size/MD5: 745 5984c54a0a0bb957119f22dfb1d4d76e\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1.orig.tar.gz\r\n Size/MD5: 911360 deb3c9713339fe9ca964e100cce42cd1\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 352012 6061ed5e49df0b5a88ca1f8fee8ff1a7\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.1_amd64.deb\r\n Size/MD5: 214358 8d8d4f1ea638475cddb1f28c4d493cca\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 302338 3bbc57a2a6d29ad243f291fce03d04e5\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.1_i386.deb\r\n Size/MD5: 193210 14b26ac483c07cc0840053e3b656e221\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 341726 f0679ab29b0123460f646470aff23017\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.1_powerpc.deb\r\n Size/MD5: 212592 584c6ab6435c8ad94faaca0e0e75613c\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 317964 3bd6c317bc3c1c770a20ef6e164821ef\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu0.1_sparc.deb\r\n Size/MD5: 193948 9bb7f287b8493e4357b846fe0724b395\r\n\r\nUpdated packages for Ubuntu 6.10:\r\n\r\n Source archives:\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu1.1.diff.gz\r\n Size/MD5: 104898 2ab743c57b1b32afadc11c5dc0e55c25\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1-2ubuntu1.1.dsc\r\n Size/MD5: 745 11976cf02780a00e1e9bbd0857a45743\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/imlib2_1.2.1.orig.tar.gz\r\n Size/MD5: 911360 deb3c9713339fe9ca964e100cce42cd1\r\n\r\n amd64 architecture &#40;Athlon64, Opteron, EM64T Xeon&#41;\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu1.1_amd64.deb\r\n Size/MD5: 354212 6a3fd86de721474e8da50f1ef11437cc\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu1.1_amd64.deb\r\n Size/MD5: 218382 cc08888dfedecbbc8d680663cc0b968f\r\n\r\n i386 architecture &#40;x86 compatible Intel/AMD&#41;\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu1.1_i386.deb\r\n Size/MD5: 318096 0718c201480b313f3ec220856068c6a8\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu1.1_i386.deb\r\n Size/MD5: 202792 e196f939edc08781a90f9a04d9549026\r\n\r\n powerpc architecture &#40;Apple Macintosh G3/G4/G5&#41;\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu1.1_powerpc.deb\r\n Size/MD5: 345768 a9cbd9ef3f718230077ff949d2f0a22b\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu1.1_powerpc.deb\r\n Size/MD5: 217928 0195e3b0bd2da4271e8dd87922a8bd39\r\n\r\n sparc architecture &#40;Sun SPARC/UltraSPARC&#41;\r\n\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2-dev_1.2.1-2ubuntu1.1_sparc.deb\r\n Size/MD5: 324270 1e3f5a1195eec8b1f36d5f6b5d310ed9\r\n http://security.ubuntu.com/ubuntu/pool/main/i/imlib2/libimlib2_1.2.1-2ubuntu1.1_sparc.deb\r\n Size/MD5: 198158 87863ac900cf6424dd7363a2e62bfa44\r\n", "edition": 1, "modified": "2006-11-05T00:00:00", "published": "2006-11-05T00:00:00", "id": "SECURITYVULNS:DOC:14922", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:14922", "title": "[USN-376-1] imlib2 vulnerabilities", "type": "securityvulns", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}], "freebsd": [{"lastseen": "2019-05-29T18:34:39", "bulletinFamily": "unix", "cvelist": ["CVE-2006-4807", "CVE-2006-4809", "CVE-2006-4806", "CVE-2006-4808"], "description": "\nSecunia reports:\n\nSome vulnerabilities have been reported in imlib2, which can be\n\t exploited by malicious people to cause a DoS (Denial of Service)\n\t or potentially compromise an application using the library.\nThe vulnerabilities are caused due to unspecified errors within\n\t the processing of JPG, ARGB, PNG, LBM, PNM, TIFF, and TGA images.\n\t This may be exploited to execute arbitrary code by e.g. tricking a\n\t user into opening a specially crafted image file with an\n\t application using imlib2.\n\n", "edition": 4, "modified": "2006-11-03T00:00:00", "published": "2006-11-03T00:00:00", "id": "92442C4B-6F4A-11DB-BD28-0012F06707F0", "href": "https://vuxml.freebsd.org/freebsd/92442c4b-6f4a-11db-bd28-0012f06707f0.html", "title": "Imlib2 -- multiple image file processing vulnerabilities", "type": "freebsd", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2021-01-12T10:43:49", "description": "M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify\nthe validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a\nuser were tricked into viewing or processing a specially crafted image\nwith an application that uses imlib2, the flaws could be exploited to\nexecute arbitrary code with the user's privileges.\n\nFedora Extras versions earlier then the versions mentioned above are\nvulnerable to this problem, upgrade to fix this vulnerability.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 24, "published": "2012-09-24T00:00:00", "title": "Fedora Extras : imlib2-1.2.1-2 (2006-004)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4807", "CVE-2006-4809", "CVE-2006-4806", "CVE-2006-4808"], "modified": "2012-09-24T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora_core:3", "cpe:/o:fedoraproject:fedora_core:6", "cpe:/o:fedoraproject:fedora_core:5", "cpe:/o:fedoraproject:fedora_core:4", "p-cpe:/a:fedoraproject:fedora:imlib2"], "id": "FEDORA_EXTRAS_2006-004.NASL", "href": "https://www.tenable.com/plugins/nessus/62278", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted and adapted from the Fedora Security Advisory.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(62278);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2006-4806\", \"CVE-2006-4807\", \"CVE-2006-4808\", \"CVE-2006-4809\");\n\n script_name(english:\"Fedora Extras : imlib2-1.2.1-2 (2006-004)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora Core host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify\nthe validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a\nuser were tricked into viewing or processing a specially crafted image\nwith an application that uses imlib2, the flaws could be exploited to\nexecute arbitrary code with the user's privileges.\n\nFedora Extras versions earlier then the versions mentioned above are\nvulnerable to this problem, upgrade to fix this vulnerability.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n # https://lists.fedoraproject.org/pipermail/package-announce/2006-November/000846.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?81dd7ca0\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected imlib2 package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:imlib2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora_core:6\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2012/09/24\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2012-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = eregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! ereg(pattern:\"^(3|4|5|6)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 3.x / 4.x / 5.x / 6.x\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\nflag = 0;\nif (rpm_check(release:\"FC3\", reference:\"imlib2-1.2.1-2\")) flag++;\n\nif (rpm_check(release:\"FC4\", reference:\"imlib2-1.2.1-2\")) flag++;\n\nif (rpm_check(release:\"FC5\", reference:\"imlib2-1.3.0-3\")) flag++;\n\nif (rpm_check(release:\"FC6\", reference:\"imlib2-1.3.0-3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imlib2\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:52:09", "description": "The remote host is affected by the vulnerability described in GLSA-200612-20\n(imlib2: Multiple vulnerabilities)\n\n M. Joonas Pihlaja discovered several buffer overflows in loader_argb.c,\n loader_png.c, loader_lbm.c, loader_jpeg.c, loader_tiff.c, loader_tga.c,\n loader_pnm.c and an out-of-bounds memory read access in loader_tga.c.\n \nImpact :\n\n An attacker can entice a user to process a specially crafted JPG, ARGB,\n PNG, LBM, PNM, TIFF, or TGA image with an 'imlib2*' binary or another\n application using the imlib2 libraries. Successful exploitation of the\n buffer overflows causes the execution of arbitrary code with the\n permissions of the user running the application.\n \nWorkaround :\n\n There is no known workaround at this time.", "edition": 25, "published": "2006-12-30T00:00:00", "title": "GLSA-200612-20 : imlib2: Multiple vulnerabilities", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4807", "CVE-2006-4809", "CVE-2006-4806", "CVE-2006-4808"], "modified": "2006-12-30T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:imlib2"], "id": "GENTOO_GLSA-200612-20.NASL", "href": "https://www.tenable.com/plugins/nessus/23957", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200612-20.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23957);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-4806\", \"CVE-2006-4807\", \"CVE-2006-4808\", \"CVE-2006-4809\");\n script_xref(name:\"GLSA\", value:\"200612-20\");\n\n script_name(english:\"GLSA-200612-20 : imlib2: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200612-20\n(imlib2: Multiple vulnerabilities)\n\n M. Joonas Pihlaja discovered several buffer overflows in loader_argb.c,\n loader_png.c, loader_lbm.c, loader_jpeg.c, loader_tiff.c, loader_tga.c,\n loader_pnm.c and an out-of-bounds memory read access in loader_tga.c.\n \nImpact :\n\n An attacker can entice a user to process a specially crafted JPG, ARGB,\n PNG, LBM, PNM, TIFF, or TGA image with an 'imlib2*' binary or another\n application using the imlib2 libraries. Successful exploitation of the\n buffer overflows causes the execution of arbitrary code with the\n permissions of the user running the application.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200612-20\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All imlib2 users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=media-libs/imlib2-1.3.0'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:imlib2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/12/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/12/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/06\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"media-libs/imlib2\", unaffected:make_list(\"ge 1.3.0\"), vulnerable:make_list(\"lt 1.3.0\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imlib2\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T10:47:26", "description": "Secunia reports :\n\nSome vulnerabilities have been reported in imlib2, which can be\nexploited by malicious people to cause a DoS (Denial of Service) or\npotentially compromise an application using the library.\n\nThe vulnerabilities are caused due to unspecified errors within the\nprocessing of JPG, ARGB, PNG, LBM, PNM, TIFF, and TGA images. This may\nbe exploited to execute arbitrary code by e.g. tricking a user into\nopening a specially crafted image file with an application using\nimlib2.", "edition": 24, "published": "2006-11-20T00:00:00", "title": "FreeBSD : Imlib2 -- multiple image file processing vulnerabilities (92442c4b-6f4a-11db-bd28-0012f06707f0)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4807", "CVE-2006-4809", "CVE-2006-4806", "CVE-2006-4808"], "modified": "2006-11-20T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:imlib2"], "id": "FREEBSD_PKG_92442C4B6F4A11DBBD280012F06707F0.NASL", "href": "https://www.tenable.com/plugins/nessus/23665", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(23665);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-4806\", \"CVE-2006-4807\", \"CVE-2006-4808\", \"CVE-2006-4809\");\n script_bugtraq_id(20903);\n\n script_name(english:\"FreeBSD : Imlib2 -- multiple image file processing vulnerabilities (92442c4b-6f4a-11db-bd28-0012f06707f0)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Secunia reports :\n\nSome vulnerabilities have been reported in imlib2, which can be\nexploited by malicious people to cause a DoS (Denial of Service) or\npotentially compromise an application using the library.\n\nThe vulnerabilities are caused due to unspecified errors within the\nprocessing of JPG, ARGB, PNG, LBM, PNM, TIFF, and TGA images. This may\nbe exploited to execute arbitrary code by e.g. tricking a user into\nopening a specially crafted image file with an application using\nimlib2.\"\n );\n # https://vuxml.freebsd.org/freebsd/92442c4b-6f4a-11db-bd28-0012f06707f0.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ee792391\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:imlib2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2006/11/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2006/11/20\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2006-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"imlib2<20060926_1,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:45", "description": "M Joonas Pihlaja discovered several vulnerabilities in the Imlib2\ngraphics library.\n\nThe load() function of several of the Imlib2 image loaders does not\ncheck the width and height of an image before allocating memory. As a\nresult, a carefully crafted image file can trigger a segfault when an\napplication using Imlib2 attempts to view the image. (CVE-2006-4806)\n\nThe tga loader fails to bounds check input data to make sure the input\ndata doesn load outside the memory mapped region. (CVE-2006-4807)\n\nThe RLE decoding loops of the load() function in the tga loader does\nnot check that the count byte of an RLE packet doesn cause a heap\noverflow of the pixel buffer. (CVE-2006-4808)\n\nThe load() function of the pnm loader writes arbitrary length user\ndata into a fixed size stack allocated buffer buf[] without bounds\nchecking. (CVE-2006-4809)\n\nUpdated packages have been patched to prevent these issues.", "edition": 24, "published": "2009-04-23T00:00:00", "title": "Mandrake Linux Security Advisory : imlib2 (MDKSA-2007:156)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4807", "CVE-2006-4809", "CVE-2006-4806", "CVE-2006-4808"], "modified": "2009-04-23T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64imlib2_1-devel", "p-cpe:/a:mandriva:linux:lib64imlib2_1-filters", "p-cpe:/a:mandriva:linux:imlib2-data", "p-cpe:/a:mandriva:linux:libimlib2_1-devel", "p-cpe:/a:mandriva:linux:libimlib2_1", "p-cpe:/a:mandriva:linux:libimlib2_1-loaders", "cpe:/o:mandriva:linux:2007.1", "p-cpe:/a:mandriva:linux:lib64imlib2_1-loaders", "p-cpe:/a:mandriva:linux:libimlib2_1-filters", "p-cpe:/a:mandriva:linux:lib64imlib2_1"], "id": "MANDRAKE_MDKSA-2007-156.NASL", "href": "https://www.tenable.com/plugins/nessus/37033", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2007:156. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(37033);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-4806\", \"CVE-2006-4807\", \"CVE-2006-4808\", \"CVE-2006-4809\");\n script_bugtraq_id(20903);\n script_xref(name:\"MDKSA\", value:\"2007:156\");\n\n script_name(english:\"Mandrake Linux Security Advisory : imlib2 (MDKSA-2007:156)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"M Joonas Pihlaja discovered several vulnerabilities in the Imlib2\ngraphics library.\n\nThe load() function of several of the Imlib2 image loaders does not\ncheck the width and height of an image before allocating memory. As a\nresult, a carefully crafted image file can trigger a segfault when an\napplication using Imlib2 attempts to view the image. (CVE-2006-4806)\n\nThe tga loader fails to bounds check input data to make sure the input\ndata doesn load outside the memory mapped region. (CVE-2006-4807)\n\nThe RLE decoding loops of the load() function in the tga loader does\nnot check that the count byte of an RLE packet doesn cause a heap\noverflow of the pixel buffer. (CVE-2006-4808)\n\nThe load() function of the pnm loader writes arbitrary length user\ndata into a fixed size stack allocated buffer buf[] without bounds\nchecking. (CVE-2006-4809)\n\nUpdated packages have been patched to prevent these issues.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imlib2-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64imlib2_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64imlib2_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64imlib2_1-filters\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64imlib2_1-loaders\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libimlib2_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libimlib2_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libimlib2_1-filters\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libimlib2_1-loaders\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/08/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2007.1\", reference:\"imlib2-data-1.2.2-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64imlib2_1-1.2.2-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64imlib2_1-devel-1.2.2-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64imlib2_1-filters-1.2.2-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"x86_64\", reference:\"lib64imlib2_1-loaders-1.2.2-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libimlib2_1-1.2.2-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libimlib2_1-devel-1.2.2-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libimlib2_1-filters-1.2.2-3.1mdv2007.1\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.1\", cpu:\"i386\", reference:\"libimlib2_1-loaders-1.2.2-3.1mdv2007.1\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-07T11:51:38", "description": "M Joonas Pihlaja discovered several vulnerabilities in the Imlib2\ngraphics library.\n\nThe load() function of several of the Imlib2 image loaders does not\ncheck the width and height of an image before allocating memory. As a\nresult, a carefully crafted image file can trigger a segfault when an\napplication using Imlib2 attempts to view the image. (CVE-2006-4806)\n\nThe tga loader fails to bounds check input data to make sure the input\ndata doesn't load outside the memory mapped region. (CVE-2006-4807)\n\nThe RLE decoding loops of the load() function in the tga loader does\nnot check that the count byte of an RLE packet doesn't cause a heap\noverflow of the pixel buffer. (CVE-2006-4808)\n\nThe load() function of the pnm loader writes arbitrary length user\ndata into a fixed size stack allocated buffer buf[] without bounds\nchecking. (CVE-2006-4809) Updated packages have been patched to\ncorrect these issues.\n\nUpdate :\n\nAn error in the previous patchset may affect JPEG image handling for\ncertain valid images. This new update corrects this issue.", "edition": 25, "published": "2007-02-18T00:00:00", "title": "Mandrake Linux Security Advisory : imlib2 (MDKSA-2006:198-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4807", "CVE-2006-4809", "CVE-2006-4806", "CVE-2006-4808"], "modified": "2007-02-18T00:00:00", "cpe": ["p-cpe:/a:mandriva:linux:lib64imlib2_1-devel", "p-cpe:/a:mandriva:linux:lib64imlib2_1-filters", "p-cpe:/a:mandriva:linux:imlib2-data", "p-cpe:/a:mandriva:linux:libimlib2_1-devel", "cpe:/o:mandriva:linux:2007", "p-cpe:/a:mandriva:linux:libimlib2_1", "p-cpe:/a:mandriva:linux:libimlib2_1-loaders", "p-cpe:/a:mandriva:linux:lib64imlib2_1-loaders", "cpe:/o:mandriva:linux:2006", "p-cpe:/a:mandriva:linux:libimlib2_1-filters", "p-cpe:/a:mandriva:linux:lib64imlib2_1"], "id": "MANDRAKE_MDKSA-2006-198.NASL", "href": "https://www.tenable.com/plugins/nessus/24583", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2006:198. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(24583);\n script_version(\"1.17\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-4806\", \"CVE-2006-4807\", \"CVE-2006-4808\", \"CVE-2006-4809\");\n script_bugtraq_id(20903);\n script_xref(name:\"MDKSA\", value:\"2006:198-1\");\n\n script_name(english:\"Mandrake Linux Security Advisory : imlib2 (MDKSA-2006:198-1)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"M Joonas Pihlaja discovered several vulnerabilities in the Imlib2\ngraphics library.\n\nThe load() function of several of the Imlib2 image loaders does not\ncheck the width and height of an image before allocating memory. As a\nresult, a carefully crafted image file can trigger a segfault when an\napplication using Imlib2 attempts to view the image. (CVE-2006-4806)\n\nThe tga loader fails to bounds check input data to make sure the input\ndata doesn't load outside the memory mapped region. (CVE-2006-4807)\n\nThe RLE decoding loops of the load() function in the tga loader does\nnot check that the count byte of an RLE packet doesn't cause a heap\noverflow of the pixel buffer. (CVE-2006-4808)\n\nThe load() function of the pnm loader writes arbitrary length user\ndata into a fixed size stack allocated buffer buf[] without bounds\nchecking. (CVE-2006-4809) Updated packages have been patched to\ncorrect these issues.\n\nUpdate :\n\nAn error in the previous patchset may affect JPEG image handling for\ncertain valid images. This new update corrects this issue.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:imlib2-data\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64imlib2_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64imlib2_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64imlib2_1-filters\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:lib64imlib2_1-loaders\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libimlib2_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libimlib2_1-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libimlib2_1-filters\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libimlib2_1-loaders\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2006\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandriva:linux:2007\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/02/18\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK2006.0\", reference:\"imlib2-data-1.2.1-1.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64imlib2_1-1.2.1-1.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64imlib2_1-devel-1.2.1-1.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64imlib2_1-filters-1.2.1-1.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"x86_64\", reference:\"lib64imlib2_1-loaders-1.2.1-1.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libimlib2_1-1.2.1-1.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libimlib2_1-devel-1.2.1-1.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libimlib2_1-filters-1.2.1-1.3.20060mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK2006.0\", cpu:\"i386\", reference:\"libimlib2_1-loaders-1.2.1-1.3.20060mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK2007.0\", reference:\"imlib2-data-1.2.2-3.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64imlib2_1-1.2.2-3.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64imlib2_1-devel-1.2.2-3.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64imlib2_1-filters-1.2.2-3.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"x86_64\", reference:\"lib64imlib2_1-loaders-1.2.2-3.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libimlib2_1-1.2.2-3.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libimlib2_1-devel-1.2.2-3.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libimlib2_1-filters-1.2.2-3.2mdv2007.0\", yank:\"mdv\")) flag++;\nif (rpm_check(release:\"MDK2007.0\", cpu:\"i386\", reference:\"libimlib2_1-loaders-1.2.2-3.2mdv2007.0\", yank:\"mdv\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:44:18", "description": "Various security problems have been fixed in the imlib2 image \nloaders :\n\nCVE-2006-4809: A stack-based buffer overflow in loader_pnm.c could be\nused by attackers to execute code by supplying a handcrafted PNM\nimage.\n\nCVE-2006-4808: A heap buffer overflow in loader_tga.c could\npotentially be used by attackers to execute code by supplying a\nhandcrafted TGA image.\n\nCVE-2006-4807: A out of bounds memory read in loader_tga.c could be\nused to crash the imlib2 using application with a handcrafted TGA\nimage.\n\nCVE-2006-4806: Various integer overflows in width*height calculations\ncould lead to heap overflows which could potentially be used to\nexecute code. Affected here are the ARGB, PNG, LBM, JPEG and TIFF\nloaders.\n\nAdditionaly loading of TIFF images on 64bit systems is now possible.\n\nThis update obsoletes the previous one, which had problems with JPEG\nloading.", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : imlib2-loaders (imlib2-loaders-2265)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4807", "CVE-2006-4809", "CVE-2006-4806", "CVE-2006-4808"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:imlib2-loaders", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_IMLIB2-LOADERS-2265.NASL", "href": "https://www.tenable.com/plugins/nessus/27271", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update imlib2-loaders-2265.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27271);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-4806\", \"CVE-2006-4807\", \"CVE-2006-4808\", \"CVE-2006-4809\");\n\n script_name(english:\"openSUSE 10 Security Update : imlib2-loaders (imlib2-loaders-2265)\");\n script_summary(english:\"Check for the imlib2-loaders-2265 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security problems have been fixed in the imlib2 image \nloaders :\n\nCVE-2006-4809: A stack-based buffer overflow in loader_pnm.c could be\nused by attackers to execute code by supplying a handcrafted PNM\nimage.\n\nCVE-2006-4808: A heap buffer overflow in loader_tga.c could\npotentially be used by attackers to execute code by supplying a\nhandcrafted TGA image.\n\nCVE-2006-4807: A out of bounds memory read in loader_tga.c could be\nused to crash the imlib2 using application with a handcrafted TGA\nimage.\n\nCVE-2006-4806: Various integer overflows in width*height calculations\ncould lead to heap overflows which could potentially be used to\nexecute code. Affected here are the ARGB, PNG, LBM, JPEG and TIFF\nloaders.\n\nAdditionaly loading of TIFF images on 64bit systems is now possible.\n\nThis update obsoletes the previous one, which had problems with JPEG\nloading.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected imlib2-loaders package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:imlib2-loaders\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"imlib2-loaders-1.2.1-17.9\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imlib2\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:44:18", "description": "Various security problems have been fixed in the imlib2 image \nloaders :\n\n - A stack-based buffer overflow in loader_pnm.c could be\n used by attackers to execute code by supplying a\n handcrafted PNM image. (CVE-2006-4809)\n\n - A heap buffer overflow in loader_tga.c could potentially\n be used by attackers to execute code by supplying a\n handcrafted TGA image. (CVE-2006-4808)\n\n - A out of bounds memory read in loader_tga.c could be\n used to crash the imlib2 using application with a\n handcrafted TGA image. (CVE-2006-4807)\n\n - Various integer overflows in width*height calculations\n could lead to heap overflows which could potentially be\n used to execute code. Affected here are the ARGB, PNG,\n LBM, JPEG and TIFF loaders. (CVE-2006-4806)\n\nAdditionally loading of TIFF images on 64bit systems now works.\n\nThis obsoletes a previous update, which had broken JPEG loading.", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : imlib2-loaders (ZYPP Patch Number 2261)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4807", "CVE-2006-4809", "CVE-2006-4806", "CVE-2006-4808"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_IMLIB2-LOADERS-2261.NASL", "href": "https://www.tenable.com/plugins/nessus/29464", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29464);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-4806\", \"CVE-2006-4807\", \"CVE-2006-4808\", \"CVE-2006-4809\");\n\n script_name(english:\"SuSE 10 Security Update : imlib2-loaders (ZYPP Patch Number 2261)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security problems have been fixed in the imlib2 image \nloaders :\n\n - A stack-based buffer overflow in loader_pnm.c could be\n used by attackers to execute code by supplying a\n handcrafted PNM image. (CVE-2006-4809)\n\n - A heap buffer overflow in loader_tga.c could potentially\n be used by attackers to execute code by supplying a\n handcrafted TGA image. (CVE-2006-4808)\n\n - A out of bounds memory read in loader_tga.c could be\n used to crash the imlib2 using application with a\n handcrafted TGA image. (CVE-2006-4807)\n\n - Various integer overflows in width*height calculations\n could lead to heap overflows which could potentially be\n used to execute code. Affected here are the ARGB, PNG,\n LBM, JPEG and TIFF loaders. (CVE-2006-4806)\n\nAdditionally loading of TIFF images on 64bit systems now works.\n\nThis obsoletes a previous update, which had broken JPEG loading.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4806.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4807.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4808.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4809.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2261.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"imlib2-loaders-1.2.1-17.9\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:44:18", "description": "Various security problems have been fixed in the imlib2 image \nloaders :\n\nCVE-2006-4809: A stack-based buffer overflow in loader_pnm.c could be\nused by attackers to execute code by supplying a handcrafted PNM\nimage.\n\nCVE-2006-4808: A heap buffer overflow in loader_tga.c could\npotentially be used by attackers to execute code by supplying a\nhandcrafted TGA image.\n\nCVE-2006-4807: A out of bounds memory read in loader_tga.c could be\nused to crash the imlib2 using application with a handcrafted TGA\nimage.\n\nCVE-2006-4806: Various integer overflows in width*height calculations\ncould lead to heap overflows which could potentially be used to\nexecute code. Affected here are the ARGB, PNG, LBM, JPEG and TIFF\nloaders.\n\nAdditionaly loading of TIFF images on 64bit systems is now possible.", "edition": 24, "published": "2007-10-17T00:00:00", "title": "openSUSE 10 Security Update : imlib2-loaders (imlib2-loaders-2244)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4807", "CVE-2006-4809", "CVE-2006-4806", "CVE-2006-4808"], "modified": "2007-10-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:imlib2-loaders", "cpe:/o:novell:opensuse:10.1"], "id": "SUSE_IMLIB2-LOADERS-2244.NASL", "href": "https://www.tenable.com/plugins/nessus/27270", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update imlib2-loaders-2244.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(27270);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-4806\", \"CVE-2006-4807\", \"CVE-2006-4808\", \"CVE-2006-4809\");\n\n script_name(english:\"openSUSE 10 Security Update : imlib2-loaders (imlib2-loaders-2244)\");\n script_summary(english:\"Check for the imlib2-loaders-2244 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security problems have been fixed in the imlib2 image \nloaders :\n\nCVE-2006-4809: A stack-based buffer overflow in loader_pnm.c could be\nused by attackers to execute code by supplying a handcrafted PNM\nimage.\n\nCVE-2006-4808: A heap buffer overflow in loader_tga.c could\npotentially be used by attackers to execute code by supplying a\nhandcrafted TGA image.\n\nCVE-2006-4807: A out of bounds memory read in loader_tga.c could be\nused to crash the imlib2 using application with a handcrafted TGA\nimage.\n\nCVE-2006-4806: Various integer overflows in width*height calculations\ncould lead to heap overflows which could potentially be used to\nexecute code. Affected here are the ARGB, PNG, LBM, JPEG and TIFF\nloaders.\n\nAdditionaly loading of TIFF images on 64bit systems is now possible.\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected imlib2-loaders package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:imlib2-loaders\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:10.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/10/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE10\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"10.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE10.1\", reference:\"imlib2-loaders-1.2.1-17.7\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"imlib2\");\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-01-17T14:44:18", "description": "Various security problems have been fixed in the imlib2 image \nloaders :\n\n - A stack-based buffer overflow in loader_pnm.c could be\n used by attackers to execute code by supplying a\n handcrafted PNM image. (CVE-2006-4809)\n\n - A heap buffer overflow in loader_tga.c could potentially\n be used by attackers to execute code by supplying a\n handcrafted TGA image. (CVE-2006-4808)\n\n - A out of bounds memory read in loader_tga.c could be\n used to crash the imlib2 using application with a\n handcrafted TGA image. (CVE-2006-4807)\n\n - Various integer overflows in width*height calculations\n could lead to heap overflows which could potentially be\n used to execute code. Affected here are the ARGB, PNG,\n LBM, JPEG and TIFF loaders. (CVE-2006-4806)\n\nAdditionally loading of TIFF images on 64bit systems now works.", "edition": 23, "published": "2007-12-13T00:00:00", "title": "SuSE 10 Security Update : imlib2-loaders (ZYPP Patch Number 2245)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2006-4807", "CVE-2006-4809", "CVE-2006-4806", "CVE-2006-4808"], "modified": "2007-12-13T00:00:00", "cpe": ["cpe:/o:suse:suse_linux"], "id": "SUSE_IMLIB2-LOADERS-2245.NASL", "href": "https://www.tenable.com/plugins/nessus/29463", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The text description of this plugin is (C) Novell, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(29463);\n script_version(\"1.15\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/14\");\n\n script_cve_id(\"CVE-2006-4806\", \"CVE-2006-4807\", \"CVE-2006-4808\", \"CVE-2006-4809\");\n\n script_name(english:\"SuSE 10 Security Update : imlib2-loaders (ZYPP Patch Number 2245)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SuSE 10 host is missing a security-related patch.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Various security problems have been fixed in the imlib2 image \nloaders :\n\n - A stack-based buffer overflow in loader_pnm.c could be\n used by attackers to execute code by supplying a\n handcrafted PNM image. (CVE-2006-4809)\n\n - A heap buffer overflow in loader_tga.c could potentially\n be used by attackers to execute code by supplying a\n handcrafted TGA image. (CVE-2006-4808)\n\n - A out of bounds memory read in loader_tga.c could be\n used to crash the imlib2 using application with a\n handcrafted TGA image. (CVE-2006-4807)\n\n - Various integer overflows in width*height calculations\n could lead to heap overflows which could potentially be\n used to execute code. Affected here are the ARGB, PNG,\n LBM, JPEG and TIFF loaders. (CVE-2006-4806)\n\nAdditionally loading of TIFF images on 64bit systems now works.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4806.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4807.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4808.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://support.novell.com/security/cve/CVE-2006-4809.html\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Apply ZYPP patch number 2245.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:suse:suse_linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2006/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/12/13\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) exit(0, \"Local checks are not enabled.\");\nif (!get_kb_item(\"Host/SuSE/release\")) exit(0, \"The host is not running SuSE.\");\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) exit(1, \"Could not obtain the list of installed packages.\");\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) exit(1, \"Failed to determine the architecture type.\");\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") exit(1, \"Local checks for SuSE 10 on the '\"+cpu+\"' architecture have not been implemented.\");\n\n\nflag = 0;\nif (rpm_check(release:\"SLED10\", sp:0, reference:\"imlib2-loaders-1.2.1-17.7\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse exit(0, \"The host is not affected.\");\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}], "cve": [{"lastseen": "2020-10-03T11:48:17", "description": "Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image.", "edition": 3, "cvss3": {}, "published": "2006-11-07T00:07:00", "title": "CVE-2006-4808", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4808"], "modified": "2017-07-20T01:33:00", "cpe": ["cpe:/a:enlightenment:imlib2:1.0.3", "cpe:/a:enlightenment:imlib2:1.0.5", "cpe:/a:enlightenment:imlib2:1.0.4", "cpe:/a:enlightenment:imlib2:1.1.1", "cpe:/a:enlightenment:imlib2:1.0.2", "cpe:/a:enlightenment:imlib2:1.0", "cpe:/a:enlightenment:imlib2:1.1", "cpe:/a:enlightenment:imlib2:1.0.1", "cpe:/a:enlightenment:imlib2:1.1.2"], "id": "CVE-2006-4808", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4808", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:enlightenment:imlib2:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:48:17", "description": "Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.", "edition": 3, "cvss3": {}, "published": "2006-11-07T00:07:00", "title": "CVE-2006-4809", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2006-4809"], "modified": "2017-07-20T01:33:00", "cpe": ["cpe:/a:enlightenment:imlib2:1.0.3", "cpe:/a:enlightenment:imlib2:1.0.5", "cpe:/a:enlightenment:imlib2:1.0.4", "cpe:/a:enlightenment:imlib2:1.1.1", "cpe:/a:enlightenment:imlib2:1.0.2", "cpe:/a:enlightenment:imlib2:1.0", "cpe:/a:enlightenment:imlib2:1.1", "cpe:/a:enlightenment:imlib2:1.0.1", "cpe:/a:enlightenment:imlib2:1.1.2"], "id": "CVE-2006-4809", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4809", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:enlightenment:imlib2:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:48:17", "description": "loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.", "edition": 3, "cvss3": {}, "published": "2006-11-07T00:07:00", "title": "CVE-2006-4807", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-4807"], "modified": "2017-07-20T01:33:00", "cpe": ["cpe:/a:enlightenment:imlib2:1.0.3", "cpe:/a:enlightenment:imlib2:1.0.5", "cpe:/a:enlightenment:imlib2:1.0.4", "cpe:/a:enlightenment:imlib2:1.1.1", "cpe:/a:enlightenment:imlib2:1.0.2", "cpe:/a:enlightenment:imlib2:1.0", "cpe:/a:enlightenment:imlib2:1.1", "cpe:/a:enlightenment:imlib2:1.0.1", "cpe:/a:enlightenment:imlib2:1.1.2"], "id": "CVE-2006-4807", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4807", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:a:enlightenment:imlib2:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.4:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:48:17", "description": "Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images.", "edition": 3, "cvss3": {}, "published": "2006-11-07T00:07:00", "title": "CVE-2006-4806", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 5.1, "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": true}, "cvelist": ["CVE-2006-4806"], "modified": "2017-07-20T01:33:00", "cpe": ["cpe:/a:enlightenment:imlib2:1.0.3", "cpe:/a:enlightenment:imlib2:1.0.5", "cpe:/a:enlightenment:imlib2:1.0.4", "cpe:/a:enlightenment:imlib2:1.1.1", "cpe:/a:enlightenment:imlib2:1.2.1", "cpe:/a:enlightenment:imlib2:1.0.2", "cpe:/a:enlightenment:imlib2:1.2.2", "cpe:/a:enlightenment:imlib2:1.0", "cpe:/a:enlightenment:imlib2:1.1", "cpe:/a:enlightenment:imlib2:1.3", "cpe:/a:enlightenment:imlib2:1.0.1", "cpe:/a:enlightenment:imlib2:1.1.2"], "id": "CVE-2006-4806", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-4806", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:enlightenment:imlib2:1.1.2:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.5:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.1.1:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.2.1:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.3:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.2.2:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:enlightenment:imlib2:1.0.4:*:*:*:*:*:*:*"]}], "osvdb": [{"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "cvelist": ["CVE-2006-4808"], "description": "## Vulnerability Description\nImlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_tga.c' during the processing of TGA images, and will result in loss of availability for the service.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Ubuntu and Mandriva have released a patch to address this vulnerability.\n## Short Description\nImlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_tga.c' during the processing of TGA images, and will result in loss of availability for the service.\n## References:\nVendor URL: http://freshmeat.net/projects/imlib2/\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:198)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-376-1)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Nov/0008.html)\n[Secunia Advisory ID:23441](https://secuniaresearch.flexerasoftware.com/advisories/23441/)\n[Secunia Advisory ID:22744](https://secuniaresearch.flexerasoftware.com/advisories/22744/)\n[Secunia Advisory ID:22932](https://secuniaresearch.flexerasoftware.com/advisories/22932/)\n[Secunia Advisory ID:22732](https://secuniaresearch.flexerasoftware.com/advisories/22732/)\n[Secunia Advisory ID:22752](https://secuniaresearch.flexerasoftware.com/advisories/22752/)\n[Related OSVDB ID: 30102](https://vulners.com/osvdb/OSVDB:30102)\n[Related OSVDB ID: 30104](https://vulners.com/osvdb/OSVDB:30104)\n[Related OSVDB ID: 30105](https://vulners.com/osvdb/OSVDB:30105)\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200612-20.xml\n[CVE-2006-4808](https://vulners.com/cve/CVE-2006-4808)\n", "edition": 1, "modified": "2006-11-06T04:04:01", "published": "2006-11-06T04:04:01", "href": "https://vulners.com/osvdb/OSVDB:30103", "id": "OSVDB:30103", "title": "imlib2 loader_tga.c TGA Image Handling Overflow", "type": "osvdb", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "cvelist": ["CVE-2006-4807"], "description": "## Vulnerability Description\nImlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_tga.c' 'during the processing of TGA images, and will result in loss of availability for the service\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Ubuntu and Mandriva released a patch to address this vulnerability.\n## Short Description\nImlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_tga.c' 'during the processing of TGA images, and will result in loss of availability for the service\n## References:\nVendor URL: http://freshmeat.net/projects/imlib2/\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:198)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-376-1)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Nov/0008.html)\n[Secunia Advisory ID:23441](https://secuniaresearch.flexerasoftware.com/advisories/23441/)\n[Secunia Advisory ID:22744](https://secuniaresearch.flexerasoftware.com/advisories/22744/)\n[Secunia Advisory ID:22932](https://secuniaresearch.flexerasoftware.com/advisories/22932/)\n[Secunia Advisory ID:22732](https://secuniaresearch.flexerasoftware.com/advisories/22732/)\n[Secunia Advisory ID:22752](https://secuniaresearch.flexerasoftware.com/advisories/22752/)\n[Related OSVDB ID: 30104](https://vulners.com/osvdb/OSVDB:30104)\n[Related OSVDB ID: 30105](https://vulners.com/osvdb/OSVDB:30105)\n[Related OSVDB ID: 30103](https://vulners.com/osvdb/OSVDB:30103)\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200612-20.xml\n[CVE-2006-4807](https://vulners.com/cve/CVE-2006-4807)\n", "edition": 1, "modified": "2006-11-06T04:04:01", "published": "2006-11-06T04:04:01", "href": "https://vulners.com/osvdb/OSVDB:30102", "id": "OSVDB:30102", "title": "imlib2 loader_tga.c TGA Image Handling Memory Read DoS", "type": "osvdb", "cvss": {"score": 2.6, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "cvelist": ["CVE-2006-4809"], "description": "## Vulnerability Description\nImlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_pnm.c' 'during the processing of PNM images, and will result in loss of availability for the service.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Ubuntu and Mandriva released a patch to address this vulnerability.\n## Short Description\nImlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_pnm.c' 'during the processing of PNM images, and will result in loss of availability for the service.\n## References:\nVendor URL: http://freshmeat.net/projects/imlib2/\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:198)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-376-1)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Nov/0008.html)\n[Secunia Advisory ID:23441](https://secuniaresearch.flexerasoftware.com/advisories/23441/)\n[Secunia Advisory ID:22744](https://secuniaresearch.flexerasoftware.com/advisories/22744/)\n[Secunia Advisory ID:22932](https://secuniaresearch.flexerasoftware.com/advisories/22932/)\n[Secunia Advisory ID:22732](https://secuniaresearch.flexerasoftware.com/advisories/22732/)\n[Secunia Advisory ID:22752](https://secuniaresearch.flexerasoftware.com/advisories/22752/)\n[Related OSVDB ID: 30102](https://vulners.com/osvdb/OSVDB:30102)\n[Related OSVDB ID: 30105](https://vulners.com/osvdb/OSVDB:30105)\n[Related OSVDB ID: 30103](https://vulners.com/osvdb/OSVDB:30103)\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200612-20.xml\n[CVE-2006-4809](https://vulners.com/cve/CVE-2006-4809)\n", "edition": 1, "modified": "2006-11-06T04:04:01", "published": "2006-11-06T04:04:01", "href": "https://vulners.com/osvdb/OSVDB:30104", "id": "OSVDB:30104", "title": "imlib2 loader_pnm.c PNM Image Handling Overflow", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "cvelist": ["CVE-2006-4806"], "description": "## Vulnerability Description\nImlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_argb.c' during the processing of ARGB images, and will result in loss of availability for the service.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Ubuntu and Mandriva have released a patch to address this vulnerability.\n## Short Description\nImlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_argb.c' during the processing of ARGB images, and will result in loss of availability for the service.\n## References:\nVendor URL: http://freshmeat.net/projects/imlib2/\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:198)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-376-1)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Nov/0008.html)\n[Secunia Advisory ID:23441](https://secuniaresearch.flexerasoftware.com/advisories/23441/)\n[Secunia Advisory ID:22744](https://secuniaresearch.flexerasoftware.com/advisories/22744/)\n[Secunia Advisory ID:22932](https://secuniaresearch.flexerasoftware.com/advisories/22932/)\n[Secunia Advisory ID:22732](https://secuniaresearch.flexerasoftware.com/advisories/22732/)\n[Secunia Advisory ID:22752](https://secuniaresearch.flexerasoftware.com/advisories/22752/)\n[Related OSVDB ID: 30102](https://vulners.com/osvdb/OSVDB:30102)\n[Related OSVDB ID: 30106](https://vulners.com/osvdb/OSVDB:30106)\n[Related OSVDB ID: 30104](https://vulners.com/osvdb/OSVDB:30104)\n[Related OSVDB ID: 30103](https://vulners.com/osvdb/OSVDB:30103)\n[Related OSVDB ID: 30107](https://vulners.com/osvdb/OSVDB:30107)\n[Related OSVDB ID: 30108](https://vulners.com/osvdb/OSVDB:30108)\n[Related OSVDB ID: 30109](https://vulners.com/osvdb/OSVDB:30109)\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200612-20.xml\nFrSIRT Advisory: ADV-2006-4349\n[CVE-2006-4806](https://vulners.com/cve/CVE-2006-4806)\nBugtraq ID: 20903\n", "edition": 1, "modified": "2006-11-06T04:04:01", "published": "2006-11-06T04:04:01", "href": "https://vulners.com/osvdb/OSVDB:30105", "id": "OSVDB:30105", "title": "imlib2 loader_argb.c ARGB Image Handling Overflow", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "cvelist": ["CVE-2006-4806"], "description": "## Vulnerability Description\nImlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_jpeg.c' during the processing of JPEG images, and will result in loss of availability for the service.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Ubuntu and Mandriva have released a patch to address this vulnerability.\n## Short Description\nImlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_jpeg.c' during the processing of JPEG images, and will result in loss of availability for the service.\n## References:\nVendor URL: http://freshmeat.net/projects/imlib2/\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:198)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-376-1)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Nov/0008.html)\n[Secunia Advisory ID:23441](https://secuniaresearch.flexerasoftware.com/advisories/23441/)\n[Secunia Advisory ID:22744](https://secuniaresearch.flexerasoftware.com/advisories/22744/)\n[Secunia Advisory ID:22932](https://secuniaresearch.flexerasoftware.com/advisories/22932/)\n[Secunia Advisory ID:22732](https://secuniaresearch.flexerasoftware.com/advisories/22732/)\n[Secunia Advisory ID:22752](https://secuniaresearch.flexerasoftware.com/advisories/22752/)\n[Related OSVDB ID: 30102](https://vulners.com/osvdb/OSVDB:30102)\n[Related OSVDB ID: 30106](https://vulners.com/osvdb/OSVDB:30106)\n[Related OSVDB ID: 30104](https://vulners.com/osvdb/OSVDB:30104)\n[Related OSVDB ID: 30105](https://vulners.com/osvdb/OSVDB:30105)\n[Related OSVDB ID: 30103](https://vulners.com/osvdb/OSVDB:30103)\n[Related OSVDB ID: 30107](https://vulners.com/osvdb/OSVDB:30107)\n[Related OSVDB ID: 30109](https://vulners.com/osvdb/OSVDB:30109)\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200612-20.xml\n[CVE-2006-4806](https://vulners.com/cve/CVE-2006-4806)\n", "edition": 1, "modified": "2006-11-06T04:04:01", "published": "2006-11-06T04:04:01", "href": "https://vulners.com/osvdb/OSVDB:30108", "id": "OSVDB:30108", "title": "imlib2 loader_jpeg.c JPEG Image Handling Overflow", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "cvelist": ["CVE-2006-4806"], "description": "## Vulnerability Description\nImlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_png.c' during the processing of PNG images, and will result in loss of availability for the service.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Ubuntu and Mandriva have released a patch to address this vulnerability.\n## Short Description\nImlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_png.c' during the processing of PNG images, and will result in loss of availability for the service.\n## References:\nVendor URL: http://freshmeat.net/projects/imlib2/\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:198)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-376-1)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Nov/0008.html)\n[Secunia Advisory ID:23441](https://secuniaresearch.flexerasoftware.com/advisories/23441/)\n[Secunia Advisory ID:22744](https://secuniaresearch.flexerasoftware.com/advisories/22744/)\n[Secunia Advisory ID:22932](https://secuniaresearch.flexerasoftware.com/advisories/22932/)\n[Secunia Advisory ID:22732](https://secuniaresearch.flexerasoftware.com/advisories/22732/)\n[Secunia Advisory ID:22752](https://secuniaresearch.flexerasoftware.com/advisories/22752/)\n[Related OSVDB ID: 30102](https://vulners.com/osvdb/OSVDB:30102)\n[Related OSVDB ID: 30104](https://vulners.com/osvdb/OSVDB:30104)\n[Related OSVDB ID: 30105](https://vulners.com/osvdb/OSVDB:30105)\n[Related OSVDB ID: 30103](https://vulners.com/osvdb/OSVDB:30103)\n[Related OSVDB ID: 30107](https://vulners.com/osvdb/OSVDB:30107)\n[Related OSVDB ID: 30108](https://vulners.com/osvdb/OSVDB:30108)\n[Related OSVDB ID: 30109](https://vulners.com/osvdb/OSVDB:30109)\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200612-20.xml\n[CVE-2006-4806](https://vulners.com/cve/CVE-2006-4806)\n", "edition": 1, "modified": "2006-11-06T04:04:01", "published": "2006-11-06T04:04:01", "href": "https://vulners.com/osvdb/OSVDB:30106", "id": "OSVDB:30106", "title": "imlib2 loader_png.c PNG Image Handling overflow", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "cvelist": ["CVE-2006-4806"], "description": "## Vulnerability Description\nImlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_lbm.c' during the processing of LBM images, and will result in loss of availability for the service.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Ubuntu and Mandriva have released a patch to address this vulnerability.\n## Short Description\nImlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_lbm.c' during the processing of LBM images, and will result in loss of availability for the service.\n## References:\nVendor URL: http://freshmeat.net/projects/imlib2/\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:198)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-376-1)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Nov/0008.html)\n[Secunia Advisory ID:23441](https://secuniaresearch.flexerasoftware.com/advisories/23441/)\n[Secunia Advisory ID:22744](https://secuniaresearch.flexerasoftware.com/advisories/22744/)\n[Secunia Advisory ID:22932](https://secuniaresearch.flexerasoftware.com/advisories/22932/)\n[Secunia Advisory ID:22732](https://secuniaresearch.flexerasoftware.com/advisories/22732/)\n[Secunia Advisory ID:22752](https://secuniaresearch.flexerasoftware.com/advisories/22752/)\n[Related OSVDB ID: 30106](https://vulners.com/osvdb/OSVDB:30106)\n[Related OSVDB ID: 30104](https://vulners.com/osvdb/OSVDB:30104)\n[Related OSVDB ID: 30105](https://vulners.com/osvdb/OSVDB:30105)\n[Related OSVDB ID: 30103](https://vulners.com/osvdb/OSVDB:30103)\n[Related OSVDB ID: 30108](https://vulners.com/osvdb/OSVDB:30108)\n[Related OSVDB ID: 30109](https://vulners.com/osvdb/OSVDB:30109)\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200612-20.xml\n[CVE-2006-4806](https://vulners.com/cve/CVE-2006-4806)\n", "edition": 1, "modified": "2006-11-06T04:04:01", "published": "2006-11-06T04:04:01", "href": "https://vulners.com/osvdb/OSVDB:30107", "id": "OSVDB:30107", "title": "imlib2 loader_lbm.c LBM Image Handling Overflow", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2017-04-28T13:20:26", "bulletinFamily": "software", "cvelist": ["CVE-2006-4806"], "description": "## Vulnerability Description\nImlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_tiff.c' during the processing of TIFF images, and will result in loss of availability for the service.\n## Solution Description\nCurrently, there are no known workarounds or upgrades to correct this issue. However, Ubuntu and Mandriva have released a patch to address this vulnerability.\n## Short Description\nImlib2 contains a flaw that may allow a remote denial of service. The issue is triggered due to unspecified errors in 'loader_tiff.c' during the processing of TIFF images, and will result in loss of availability for the service.\n## References:\nVendor URL: http://freshmeat.net/projects/imlib2/\n[Vendor Specific Advisory URL](http://www.mandriva.com/security/advisories?name=MDKSA-2006:198)\n[Vendor Specific Advisory URL](http://www.ubuntu.com/usn/usn-376-1)\n[Vendor Specific Advisory URL](http://lists.suse.com/archive/suse-security-announce/2006-Nov/0008.html)\n[Secunia Advisory ID:23441](https://secuniaresearch.flexerasoftware.com/advisories/23441/)\n[Secunia Advisory ID:22744](https://secuniaresearch.flexerasoftware.com/advisories/22744/)\n[Secunia Advisory ID:22932](https://secuniaresearch.flexerasoftware.com/advisories/22932/)\n[Secunia Advisory ID:22732](https://secuniaresearch.flexerasoftware.com/advisories/22732/)\n[Secunia Advisory ID:22752](https://secuniaresearch.flexerasoftware.com/advisories/22752/)\n[Related OSVDB ID: 30102](https://vulners.com/osvdb/OSVDB:30102)\n[Related OSVDB ID: 30106](https://vulners.com/osvdb/OSVDB:30106)\n[Related OSVDB ID: 30104](https://vulners.com/osvdb/OSVDB:30104)\n[Related OSVDB ID: 30105](https://vulners.com/osvdb/OSVDB:30105)\n[Related OSVDB ID: 30107](https://vulners.com/osvdb/OSVDB:30107)\n[Related OSVDB ID: 30108](https://vulners.com/osvdb/OSVDB:30108)\nOther Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200612-20.xml\n[CVE-2006-4806](https://vulners.com/cve/CVE-2006-4806)\n", "edition": 1, "modified": "2006-11-06T04:04:01", "published": "2006-11-06T04:04:01", "href": "https://vulners.com/osvdb/OSVDB:30109", "id": "OSVDB:30109", "title": "imlib2 loader_tiff.c TIFF Image Handling Overflow", "type": "osvdb", "cvss": {"score": 5.1, "vector": "AV:NETWORK/AC:HIGH/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}