Info

Disclosure

Aug 31, 2004

Discovery

Unknown

Dates

Exploit

Aug 31, 2004

Solution

Unknown

Description

A remote overflow exists in imlib. imlib fails to perform proper bounds checking on BMP files resulting in a non-descript overflow. With a specially crafted request, an attacker can potentially cause imlib to crash or allow arbitrary code execution resulting in a loss of confidentiality and/or integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, The Gnome Project has released a patch to address this vulnerability.

Products

Carsten Haitzler

imlib

1.9.14

References

Security Tracker: 1011104
Bugtraq ID: 11084
Secunia Advisory ID: 12429 12479 12502 12539 12563 12573 12623 12625 12675
ISS X-Force ID: 17182
CVE ID: 2004-0817 (see also: NVD)
Vendor Specific Solution URL: http://bugzilla.gnome.org/attachment.cgi?id=30934&action=view
http://bugzilla.gnome.org/show_bug.cgi?id=151034
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000870
http://www.debian.org/security/2004/dsa-548
http://www.debian.org/security/2004/dsa-552
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:102
Vendor Specific Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200409-12.xml
RedHat RHSA: RHSA-2004:465

Credit

Marcus Meissner - meissnersuse.de -

Direct URL: http://osvdb.org/36218