Launchpad.net

CVE 2008-2426

Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c.

Related bugs and status

CVE-2008-2426 (Candidate) is related to these bugs:

Bug #235915: [CVE-2008-2426] imlib2 PNM and XPM buffer overflows

		In	Importance	Status
235915	[CVE-2008-2426] imlib2 PNM and XPM buffer overflows	imlib2 (Ubuntu)	Undecided	Fix Released
235915	[CVE-2008-2426] imlib2 PNM and XPM buffer overflows	imlib2 (Arch Linux)	Undecided	Fix Released
235915	[CVE-2008-2426] imlib2 PNM and XPM buffer overflows	imlib2 (Ubuntu Dapper)	Undecided	Fix Released
235915	[CVE-2008-2426] imlib2 PNM and XPM buffer overflows	imlib2 (Ubuntu Feisty)	Undecided	Won't Fix
235915	[CVE-2008-2426] imlib2 PNM and XPM buffer overflows	imlib2 (Ubuntu Hardy)	Undecided	Fix Released
235915	[CVE-2008-2426] imlib2 PNM and XPM buffer overflows	imlib2 (Ubuntu Gutsy)	Undecided	Fix Released
235915	[CVE-2008-2426] imlib2 PNM and XPM buffer overflows	imlib2 (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: http://secunia.com/sec...
BID: 29417
SECTRACK: 1020146
SECUNIA: 30401
FEDORA: FEDORA-2008-4842
FEDORA: FEDORA-2008-4871
FEDORA: FEDORA-2008-4950
SECUNIA: 30485
GENTOO: GLSA-200806-03
SECUNIA: 30572
DEBIAN: DSA-1594
SECUNIA: 30727
MANDRIVA: MDVSA-2008:123
SUSE: SUSE-SR:2008:018
UBUNTU: USN-697-1
SECUNIA: 31982
VUPEN: ADV-2008-1700
XF: imlib2-pnm-xpm-bo(42732)
BUGTRAQ: 20080529 Secunia Resea...