CVE-2020-12761

Published: 9 May 2020

modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map.

Notes

Author: leosilva
Note: introduced in later so old releases aren't affected

Priority

Medium

CVSS 3 base score: 9.1

Status

Package: imlib2 (Launchpad, Ubuntu, Debian)

Release: Status
bionic: Not vulnerable (code not present)
eoan: Ignored (reached end-of-life)
focal: Released (1.6.1-1ubuntu0.1)
groovy: Not vulnerable (1.6.1-2)
hirsute: Not vulnerable (1.6.1-2)
impish: Not vulnerable (1.6.1-2)
jammy: Not vulnerable (1.6.1-2)
precise: Does not exist
trusty: Not vulnerable (code not present)
upstream: Needs triage
xenial: Ignored (end of standard support, was needs-triage)

Patches:
upstream: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63