Your submission was sent successfully! Close

CVE-2008-2426

Published: 2 June 2008

Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c.

Priority

Medium

Status

Package Release Status
imlib2
Launchpad, Ubuntu, Debian
dapper
Released (1.2.1-2ubuntu0.4)
feisty Needed
(reached end-of-life)
gutsy
Released (1.3.0.0debian1-4ubuntu0.2)
hardy
Released (1.4.0-1ubuntu1.2)
intrepid Not vulnerable
(1.4.0-1.1ubuntu1.1)
upstream Not vulnerable
(1.4.0-1.1)
Patches:
vendor: http://www.debian.org/security/2008/dsa-1594
debdiff: http://launchpadlibrarian.net/16322082/cve-2008-2426-hardy-security.debdiff