CVE-2008-5187

Published: 21 November 2008

The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426.

Priority

Status

Package	Release	Status
imlib2 Launchpad, Ubuntu, Debian	dapper	Released (1.2.1-2ubuntu0.3)
	gutsy	Released (1.3.0.0debian1-4ubuntu0.1)
	hardy	Released (1.4.0-1ubuntu1.1)
	intrepid	Released (1.4.0-1.1ubuntu1.1)
	upstream	Needs triage
	Patches: upstream: http://trac.enlightenment.org/e/changeset/37744

References

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505714
https://ubuntu.com/security/notices/USN-683-1
https://www.cve.org/CVERecord?id=CVE-2008-5187
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.