[CVE-2008-2426] imlib2 PNM and XPM buffer overflows

Bug #235915 reported by Till Ulen
Affects              Status         Importance   Assigned to   Milestone
imlib2 (Arch Linux)  Fix Released   Undecided    Unassigned
imlib2 (Debian)      Fix Released   Unknown
imlib2 (Ubuntu)      Fix Released   Undecided    Unassigned
  Dapper             Fix Released   Undecided    Unassigned
  Feisty             Won't Fix      Undecided    Unassigned
  Gutsy              Fix Released   Undecided    Unassigned
  Hardy              Fix Released   Undecided    Unassigned

Bug Description

CVE-2008-2426 description:

"1) A boundary error exists within the "load()" function in
src/modules/loaders/loader_pnm.c when processing the header of a
PNM image file. This can be exploited to cause a stack-based buffer
overflow by e.g. tricking a user into opening a specially crafted
PNM image in an application using the imlib2 library.

[...]

2) A boundary error exists within the "load()" function in
src/modules/loader_xpm.c when processing an XPM image file. This can
be exploited to cause a stack-based buffer overflow by e.g. tricking
a user into opening a specially crafted XPM image with an application
using the imlib2 library."

http://secunia.com/secunia_research/2008-25/advisory/
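
An added illustration of the kind of bounds check the advisory and the later changelog entries describe, not code from imlib2 or from 211_SECURITY_CVE-2008-2426.patch: a PNM header reader that copies each token into a fixed-size stack buffer and rejects any token that would not fit. The function names, the 16-byte buffer, the 32767 dimension cap and the sample header are assumptions of this example.

```c
#include <ctype.h>
#include <stdlib.h>

/* Hypothetical helper: copy the next whitespace-delimited header token into
 * out[outsz], skipping '#' comments. Returns 0, or -1 if it is missing or too long. */
static int pnm_next_token(const unsigned char *d, size_t len, size_t *pos,
                          char *out, size_t outsz)
{
    size_t i = *pos, n = 0;
    for (;;) {                               /* skip whitespace and comments */
        while (i < len && isspace(d[i])) i++;
        if (i >= len || d[i] != '#') break;
        while (i < len && d[i] != '\n') i++;
    }
    while (i < len && !isspace(d[i])) {
        if (n + 1 >= outsz) return -1;       /* bound check: never write past out[] */
        out[n++] = (char)d[i++];
    }
    if (n == 0) return -1;                   /* header ended before a token */
    out[n] = '\0';
    *pos = i;
    return 0;
}

/* Parse "P<1-6> <width> <height>". Returns 0 on success, -1 on a bad header. */
int pnm_parse_header(const unsigned char *d, size_t len, int *type, long *w, long *h)
{
    char tok[16], *end;                      /* tok: fixed-size stack buffer */
    size_t pos = 0;
    long v[2];
    if (pnm_next_token(d, len, &pos, tok, sizeof tok) != 0) return -1;
    if (tok[0] != 'P' || tok[1] < '1' || tok[1] > '6' || tok[2] != '\0') return -1;
    *type = tok[1] - '0';
    for (int k = 0; k < 2; k++) {
        if (pnm_next_token(d, len, &pos, tok, sizeof tok) != 0) return -1;
        v[k] = strtol(tok, &end, 10);
        if (*end != '\0' || v[k] <= 0 || v[k] > 32767) return -1; /* 32767: assumed cap */
    }
    *w = v[0]; *h = v[1];
    return 0;
}

int main(void)
{
    const unsigned char ok[] = "P6\n# constructed sample\n640 480\n255\n";
    int t; long w, h;
    return pnm_parse_header(ok, sizeof ok - 1, &t, &w, &h) == 0 ? 0 : 1;
}
```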

Till Ulen (tillulen) wrote :

Debian advisory:
http://www.debian.org/security/2008/dsa-1594 (not yet available on the web site)
In the meantime, see http://lists.debian.org/debian-security-announce/2008/msg00175.html

André Klitzing (misery)
Changed in imlib2:
status: New → Fix Committed
status: Fix Committed → Fix Released
Sarah Kowalik (hobbsee-deactivatedaccount) wrote :

Fixed in intrepid, marking others as needing to be fixed.

Changed in imlib2:
status: New → Fix Released
Iain Lane (laney) wrote :

Looking into this

Changed in imlib2:
assignee: nobody → laney
status: New → In Progress
Iain Lane (laney) wrote :
Changed in imlib2:
status: In Progress → Confirmed
Changed in imlib2:
status: Unknown → Fix Released
Iain Lane (laney) wrote :

imlib2 (1.4.0-1ubuntu1.1) hardy-security; urgency=low

  * SECURITY UPDATE: Stack-based buffer overflow in pnm and xpm image loader
    modules leads to arbitrary code execution.
  * Backport patch from Intrepid to fix this issue. (LP: #235915)
  * References:
    http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=483816
    CVE-2008-2426

 -- Iain Lane <email address hidden> Sat, 26 Jul 2008 14:45:05 +0100

Changed in imlib2:
status: New → Confirmed
status: New → Confirmed
status: New → Confirmed
Iain Lane (laney)
Changed in imlib2:
assignee: laney → nobody
Changed in imlib2:
status: Confirmed → In Progress
status: Confirmed → In Progress
status: Confirmed → In Progress
status: Confirmed → In Progress
Hew (hew) wrote :

Ubuntu Feisty Fawn is no longer supported, so an SRU will not be issued for this release. Marking Feisty as Won't Fix.

Changed in imlib2:
status: In Progress → Won't Fix
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package imlib2 - 1.3.0.0debian1-4ubuntu0.2

---------------
imlib2 (1.3.0.0debian1-4ubuntu0.2) gutsy-security; urgency=low

  * SECURITY UPDATE: denial of service and code execution via load function
    in the XPM and PNG loaders (LP: #235915)
    - debian/patches/211_SECURITY_CVE-2008-2426.patch: add checks to make sure
      we don't overflow the buffers in XPM and PNG loaders.
    - CVE-2008-2426

 -- Marc Deslauriers <email address hidden> Thu, 18 Dec 2008 13:51:13 -0500

Changed in imlib2:
status: In Progress → Fix Released
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package imlib2 - 1.4.0-1ubuntu1.2

---------------
imlib2 (1.4.0-1ubuntu1.2) hardy-security; urgency=low

  * SECURITY UPDATE: denial of service and code execution via load function
    in the XPM and PNG loaders (LP: #235915)
    - debian/patches/211_SECURITY_CVE-2008-2426.patch: add checks to make sure
      we don't overflow the buffers in XPM and PNG loaders.
    - CVE-2008-2426

 -- Marc Deslauriers <email address hidden> Thu, 18 Dec 2008 14:07:46 -0500

Changed in imlib2:
status: In Progress → Fix Released
Marc Deslauriers (mdeslaur) wrote :

Released in USN-697-1

Changed in imlib2:
status: In Progress → Fix Released
This report contains Public Security information  
Everyone can see this security related information.
