Published: 02/06/2008 Updated: 11/10/2018

CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6

VMScore: 828

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c.

Vulnerable Product	Search on Vulmon	Subscribe to Product
carsten haitzler imlib2 1.4.0

Debian Bug report logs - #483816 imlib2: CVE-2008-2426 buffer overflows in xpm and pnm loader Package: libimlib2; Maintainer for libimlib2 is Markus Koschany <apo@debianorg>; Source for libimlib2 is src:imlib2 (PTS, buildd, popcon) Reported by: Nico Golde <nion@debianorg> Date: Sat, 31 May 2008 13:27:02 UTC Severi ...

It was discovered that Imlib2 did not correctly handle certain malformed XPM and PNG images If a user were tricked into opening a specially crafted image with an application that uses Imlib2, an attacker could cause a denial of service and possibly execute arbitrary code with the user’s privileges ...

CWE-119 http://secunia.com/secunia_research/2008-25/advisory/http://www.securityfocus.com/bid/29417 http://securitytracker.com/id?1020146 http://secunia.com/advisories/30401 https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00030.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00052.html https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00113.html http://secunia.com/advisories/30485 http://www.gentoo.org/security/en/glsa/glsa-200806-03.xml http://www.debian.org/security/2008/dsa-1594 http://secunia.com/advisories/30572 http://secunia.com/advisories/30727 http://www.mandriva.com/security/advisories?name=MDVSA-2008:123 http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html http://www.ubuntu.com/usn/USN-697-1 http://secunia.com/advisories/31982 http://www.vupen.com/english/advisories/2008/1700 https://exchange.xforce.ibmcloud.com/vulnerabilities/42732 http://www.securityfocus.com/archive/1/492739/100/0/threaded https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483816 https://usn.ubuntu.com/697-1/https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2008-2426

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect