22 matches found
CVE-2016-3994
The CVE-2016-3994 issue affects the GIF loader in imlib2 up to version 1.4.9, caused by an out-of-bounds read that can lead to a denial of service (application crash) or exposure of sensitive information. A fix is available in upstream imlib2 1.4.9 and related security updates (e.g., Ubuntu/Fedor...
CVE-2020-12761
CVE-2020-12761 affects imlib2 1.6.0, where modules/loaders/loader_ico.c contains an integer overflow that enables invalid memory allocations and out-of-bounds reads when processing ICO icons with many colors in the color map. Public writeups (Ubuntu/SUSE/CNVD/OSV entries) describe it as enabling ...
CVE-2004-0827
CVE-2004-0827 affects ImageMagick 5.x before 5.4.4 and 6.x before 6.0.6.2, with remote denial of service and potential arbitrary code execution via malformed AVI, BMP, or DIB files. Multiple connected advisories (Ubuntu USN-35-1, Debian DSA 547-1, Red Hat RHSA-2004:480/636, etc.) corroborate buff...
CVE-2014-9762
CVE-2014-9762 affects imlib2 before 1.4.7; GIF images without a colormap can trigger a denial of service (segfault). Connected advisories (openSUSE, Gentoo GLSA, Debian DSA, Ubuntu USN) confirm the issue and show remediation by upgrading imlib2 to a newer release (e.g., openSUSE-2016-600 patches ...
CVE-2004-0817
CVE-2004-0817 describes multiple heap-based buffer overflows in the imlib BMP image handler that allow remote attackers to execute arbitrary code via a crafted BMP file. Connected advisories confirm the affected component is imlib/imlib2 BMP decoding code and reference vendor/security updates (e....
CVE-2014-9763
CVE-2014-9763 affects imlib2 up to version 1.4.6, where handling of PNM files can trigger a division-by-zero in the loader, leading to a remote DoS and application crash. Connected advisories confirm this issue across multiple distros and patch the vulnerability by upgrading to imlib2 1.4.7 or ne...
CVE-2004-0802
CVE-2004-0802 affects imlib2’s BMP loader and is caused by a buffer overflow in the BMP loading path. The vulnerability allows remote attackers to execute arbitrary code by delivering a specially crafted BMP image, and it is confined to imlib2 versions before 1.1.2 (distinct from CVE-2004-0817). ...
CVE-2008-5187
CVE-2008-5187 affects imlib2 up to at least 1.4.2, where the XPM loader’s load function can crash or potentially allow code execution via a crafted XPM, caused by a pointer arithmetic error leading to a heap-based buffer overflow. Concrete details in connected advisories confirm this vulnerabilit...
CVE-2014-9764
CVE-2014-9764 affects imlib2, specifically the GIF loader. A crafted GIF can cause a segmentation fault (DoS) in versions before 1.4.7. Connected advisories show multiple vendors addressing imlib2 GIF/PNM/GIF-w/o-colormap issues; patches upgrade imlib2 to at least 1.4.9 (openSUSE openSUSE-2016-60...
CVE-2016-4024
CVE-2016-4024 affects imlib2 prior to 1.4.9 on 32-bit platforms, caused by an integer overflow in image dimension handling that leads to an out-of-bounds heap write and remote code execution. Connected advisories (Gentoo GLSA-201611-12, Ubuntu USN-3075-1, Fedora advisories) confirm imlib2 remote ...
CVE-2014-9771
CVE-2014-9771 is an integer overflow in Imlib2 before 1.4.7 that allows remote attackers to cause a denial of service (memory exhaustion or crash) via a crafted image by triggering an invalid read/write during image handling. Public reports in multiple advisories confirm the issue affect the Imli...
CVE-2011-5326
CVE-2011-5326 concerns the image library imlib2 . The connected sources confirm a vulnerability in imlib2 prior to version 1.4.9 where the ellipse drawing code could trigger a division-by-zero when rendering a 2x1 ellipse, leading to a denial of service (application crash). The issue is addressed...
CVE-2016-3993
CVE-2016-3993 affects the Imlib2 library (imlib2) due to an off-by-one error in the __imlib_MergeUpdate function (lib/updates.c) present before version 1.4.9. This results in an out-of-bounds read and can cause a denial of service (application crash) when processing crafted coordinates. Connected...
CVE-2008-6079
CVE-2008-6079 affects imlib2 prior to 1.4.2, where the ARGB, BMP, JPEG, LBM, PNM, TGA and XPM image loaders may trigger several heap/stack-based overflows (partly due to integer overflows) when processing crafted files. Public disclosures in Debian DSA-2029-1 and Mandriva/Nessus advisories confir...
CVE-2024-25448
CVE-2024-25448 affects imlib2 1.9.1; the vulnerability is in imlib_free_image_and_decache and allows a heap buffer overflow via parsing a crafted image. The provided documents describe the affected component and the impact (memory corruption) but do not include remediation details or patched vers...
CVE-2006-4806
CVE-2006-4806 describes multiple integer overflows in imlib2 image loaders (ARGB, PNG, LBM, JPEG, TIFF) that can cause denial of service and potentially arbitrary code execution via crafted images. Affected components are the image loaders (loader_argb.c, loader_png.c, loader_lbm.c, loader_jpeg.c...
CVE-2006-4807
The CVE-2006-4807 issue affects imlib2 (loader_tga.c) and is described as an out-of-bounds memory read in the TGA image loader that can crash the application via a crafted TGA image (user-assisted remote trigger). The vulnerability is tied to imlib2 versions before 1.2.1. Several advisories confi...
CVE-2006-4808
Vulnerability: imlib2 before 1.2.1 contains a heap-based overflow in loader_tga.c (TGA image loader) that can be triggered by a crafted TGA image, potentially causing denial of service and possibly leading to arbitrary code execution. Affected: imlib2 and possibly other versions; root cause is he...
CVE-2024-25450
CVE-2024-25450 concerns imlib2 v1.9.1, where memory allocation is mishandled in the function init_imlib_fonts() . The vulnerability is documented with a high severity (CVSS v3.1 base score 8.8) and an attacker could exploit it via network conditions without user installation privileges, with user...
CVE-2006-4809
CVE-2006-4809: A stack-based buffer overflow in loader_pnm.c of imlib2 (before version 1.2.1) can be triggered by processing a crafted PNM image. This allows a user-assisted remote attacker to crash the application and potentially execute arbitrary code. Affected product is imlib2; vulnerability ...
CVE-2024-25447
CVE-2024-25447 affects imlib2 v1.9.1, where the function imlib_load_image_with_error_return can be exploited to cause a heap-based buffer overflow by parsing a crafted image. The issue is consistently described across multiple sources as a vulnerability in imlib2 with potential high impact (confi...
CVE-2010-0991
CVE-2010-0991 affects imlib2 1.4.3, where heap-based buffer overflows can be triggered by crafted ARGB, XPM, or BMP files due to a logic error in the IMAGE_DIMENSIONS_OK macro in lib/image.h. This has been documented across multiple sources; some advisories note the issue and reference a fix in l...