Your submission was sent successfully! Close

CVE-2008-5187

Published: 21 November 2008

The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426.

Priority

Low

Status

Package Release Status
imlib2
Launchpad, Ubuntu, Debian
dapper
Released (1.2.1-2ubuntu0.3)
gutsy
Released (1.3.0.0debian1-4ubuntu0.1)
hardy
Released (1.4.0-1ubuntu1.1)
intrepid
Released (1.4.0-1.1ubuntu1.1)
upstream Needs triage

Patches:
upstream: http://trac.enlightenment.org/e/changeset/37744