imlib BMP Decoding Overflow

2004-08-31T00:00:00
ID OSVDB:9435
Type osvdb
Reporter Marcus Meissner(meissner@suse.de)
Modified 2004-08-31T00:00:00

Description

Vulnerability Description

A remote overflow exists in imlib. imlib fails to perform proper bounds checking on BMP files resulting in a non-descript overflow. With a specially crafted request, an attacker can potentially cause imlib to crash or allow arbitrary code execution resulting in a loss of confidentiality and/or integrity.

Solution Description

Currently, there are no known workarounds or upgrades to correct this issue. However, The Gnome Project has released a patch to address this vulnerability.

Short Description

A remote overflow exists in imlib. imlib fails to perform proper bounds checking on BMP files resulting in a non-descript overflow. With a specially crafted request, an attacker can potentially cause imlib to crash or allow arbitrary code execution resulting in a loss of confidentiality and/or integrity.

References:

Vendor Specific Solution URL: http://bugzilla.gnome.org/show_bug.cgi?id=151034 Vendor Specific Solution URL: http://bugzilla.gnome.org/attachment.cgi?id=30934&action=view Vendor Specific Advisory URL Security Tracker: 1011104 Secunia Advisory ID:12675 Secunia Advisory ID:12429 Secunia Advisory ID:12573 Secunia Advisory ID:12623 Secunia Advisory ID:12625 Secunia Advisory ID:12479 Secunia Advisory ID:12502 Secunia Advisory ID:12539 Secunia Advisory ID:12563 RedHat RHSA: RHSA-2004:465 Other Advisory URL: http://www.debian.org/security/2004/dsa-548 Other Advisory URL: http://www.debian.org/security/2004/dsa-552 Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000870 Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:102 Nessus Plugin ID:14704 Nessus Plugin ID:14703 Nessus Plugin ID:14735 ISS X-Force ID: 17182 CVE-2004-0817 Bugtraq ID: 11084