Ubuntu

  1. Bug #11113
  2. Comment #7

Comment 7 for bug 11113

Revision history for this message
In , Andreas Metzler (ametzler-downhill) wrote : Re: Bug#284925: imlib: Vulnerable to GLSA 200412-03?

On 2004-12-09 Andreas Metzler <email address hidden> wrote:
> Package: imlib,imlib+png2
> Severity: normal
> Tags: security,patch

> Hello,
> ---------------------
> http://www.gentoo.org/security/en/glsa/glsa-200412-03.xml
> Synopsis
> Multiple overflows have been found in the imlib library image decoding
> routines, potentially allowing execution of arbitrary code.
[...]

Applies to woody, too.
WOODYametzler@downhill:/tmp$ gdb ./imlib-example-woody
(gdb) run imlib_die.xpm
Starting program: /tmp/imlib-example-woody imlib_die.xpm
Program received signal SIGSEGV, Segmentation fault.
0x400b2464 in strcat () from /lib/libc.so.6
(gdb) bt
#0 0x400b2464 in strcat () from /lib/libc.so.6
#1 0x4001f44f in _LoadXPM () from /usr/lib/libImlib.so.1
#2 0x41414141 in ?? ()
Cannot access memory at address 0x41414141

ii imlib1 1.9.14-2wody1 Imlib is an imaging library for X and X11
ii xlibs 4.1.0-16woody5 X Window System client libraries
                cu andreas
--
"See, I told you they'd listen to Reason," [SPOILER] Svfurlr fnlf,
fuhggvat qbja gur juveyvat tha.
Neal Stephenson in "Snow Crash"