CVE-2020-12761

Published: 09 May 2020

modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map.

Priority

Medium

CVSS 3 base score: 9.1

Status

Package: imlib2 (Launchpad, Ubuntu, Debian)

Release                            Status
Upstream                           Needs triage
Ubuntu 21.10 (Impish Indri)        Not vulnerable (1.6.1-2)
Ubuntu 21.04 (Hirsute Hippo)       Not vulnerable (1.6.1-2)
Ubuntu 20.04 LTS (Focal Fossa)     Released (1.6.1-1ubuntu0.1)
Ubuntu 18.04 LTS (Bionic Beaver)   Not vulnerable (code not present)
Ubuntu 16.04 ESM (Xenial Xerus)    Ignored (end of standard support, was needs-triage)
Ubuntu 14.04 ESM (Trusty Tahr)     Not vulnerable (code not present)
Patches:
Upstream: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63