Info

Disclosure

Aug 31, 2004

Discovery

Unknown

Dates

Exploit

Aug 31, 2004

Solution

Unknown

Description

A remote overflow exists in imlib2. imlib2 fails to properly perform bounds checking on BMP deconding resulting in a buffer overflow. With a specially crafted request, an attacker can cause imlib2 to crash possibly allowing the execution of arbitrary code resulting in a loss of confidentiality and/or integrity.

Classification

Location: Remote/Network Access Required
Attack Type: Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, the imlib2 development team has released a patch to address this vulnerability.

Products

Carsten Haitzler	imlib2	1.1.1
		1.0.x
		1.1.0

References

Security Tracker: 1011105
Secunia Advisory ID: 12459 12675
ISS X-Force ID: 17183
CVE ID: 2004-0802 (see also: NVD)
Vendor Specific Solution URL: http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/
Other Advisory URL: http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000870

Credit

Marcus Meissner - meissnersuse.de -

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Carsten Haitzler

imlib2

References

Credit