rpm package
opensuse/imlib2&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/imlib2&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-12761 | — | < 1.11.1-2.1 | 1.11.1-2.1 | May 9, 2020 | modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map. | ||
| CVE-2010-0991 | — | < 1.4.9-1.4 | 1.4.9-1.4 | Apr 22, 2010 | Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dependent attackers to execute arbitrary code via a crafted (1) ARGB, (2) XPM, or (3) BMP file, related to the IMAGE_DIMENSIONS_OK macro in lib/image.h. | ||
| CVE-2008-5187 | — | < 1.7.1-1.6 | 1.7.1-1.6 | Nov 21, 2008 | The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a diffe | ||
| CVE-2008-2426 | — | < 1.7.1-1.6 | 1.7.1-1.6 | Jun 2, 2008 | Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_p |
- CVE-2020-12761May 9, 2020affected < 1.11.1-2.1fixed 1.11.1-2.1
modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map.
- CVE-2010-0991Apr 22, 2010affected < 1.4.9-1.4fixed 1.4.9-1.4
Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dependent attackers to execute arbitrary code via a crafted (1) ARGB, (2) XPM, or (3) BMP file, related to the IMAGE_DIMENSIONS_OK macro in lib/image.h.
- CVE-2008-5187Nov 21, 2008affected < 1.7.1-1.6fixed 1.7.1-1.6
The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a diffe
- CVE-2008-2426Jun 2, 2008affected < 1.7.1-1.6fixed 1.7.1-1.6
Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_p