imlib2 BMP Image Decoding Overflow

2004-08-25T11:34:00
ID OSVDB:9781
Type osvdb
Reporter Marcus Meissner(meissner@suse.de)
Modified 2004-08-25T11:34:00

Description

Vulnerability Description

A remote overflow exists in imlib2. imlib2 fails to decode runlength-encoded BMP images resulting in a buffer overflow. With a specially crafted BMP file, an attacker can cause execution of arbitrary code resulting in a loss of integrity and/or availability.

Solution Description

Upgrade to version 1.1.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

A remote overflow exists in imlib2. imlib2 fails to decode runlength-encoded BMP images resulting in a buffer overflow. With a specially crafted BMP file, an attacker can cause execution of arbitrary code resulting in a loss of integrity and/or availability.

References:

Vendor Specific Solution URL: http://sourceforge.net/project/showfiles.php?group_id=2&package_id=11130 Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1011105 Secunia Advisory ID:12675 Secunia Advisory ID:12429 Secunia Advisory ID:12573 Secunia Advisory ID:12623 Secunia Advisory ID:12625 Secunia Advisory ID:12539 Secunia Advisory ID:12563 Related OSVDB ID: 9780 RedHat RHSA: RHSA-2004:465 Other Advisory URL: http://www.debian.org/security/2004/dsa-548 Other Advisory URL: http://www.debian.org/security/2004/dsa-552 Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000870 Other Advisory URL: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:102 Nessus Plugin ID:14735 Nessus Plugin ID:14703 Nessus Plugin ID:14704 ISS X-Force ID: 17183 CVE-2004-0817 Bugtraq ID: 11084