Vendor CVEs
Enlightenment
All CVEs
34 total · sorted by risk

| CVE | Vendor / Product | Severity | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-4024 | | Critical | 0.64 | 9.8 | 0.06 | | May 13, 2016 | Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation. |
| CVE-2016-3994 | | High | 0.54 | 8.2 | 0.03 | | May 13, 2016 | The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read. |
| CVE-2014-1846 | | High | 0.51 | 7.8 | 0.00 | | Apr 27, 2018 | Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method. |
| CVE-2014-1845 | | High | 0.51 | 7.8 | 0.00 | | Apr 27, 2018 | An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment. |
| CVE-2015-8971 | | High | 0.51 | 7.8 | 0.01 | | Jan 23, 2017 | Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063. |
| CVE-2016-3993 | | High | 0.49 | 7.5 | 0.03 | | May 13, 2016 | Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates. |
| CVE-2014-9771 | | High | 0.49 | 7.5 | 0.03 | | May 13, 2016 | Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation. |
| CVE-2014-9764 | | High | 0.49 | 7.5 | 0.03 | | May 13, 2016 | imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file. |
| CVE-2014-9763 | | High | 0.49 | 7.5 | 0.03 | | May 13, 2016 | imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file. |
| CVE-2014-9762 | | High | 0.49 | 7.5 | 0.03 | | May 13, 2016 | imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap. |
| CVE-2011-5326 | | High | 0.49 | 7.5 | 0.03 | | May 13, 2016 | imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse. |
| CVE-2022-37706 | | | 0.07 | — | 0.05 | | Dec 25, 2022 | enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring. |
| CVE-2002-0143 | | | 0.03 | — | 0.01 | | Mar 25, 2002 | Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arbitrary code via a long HOME environment variable. |
| CVE-2024-25450 | | | 0.00 | — | 0.01 | | Feb 9, 2024 | imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts(). |
| CVE-2024-25447 | | | 0.00 | — | 0.01 | | Feb 9, 2024 | An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. |
| CVE-2024-25448 | | | 0.00 | — | 0.01 | | Feb 9, 2024 | An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image. |
| CVE-2020-12761 | | | 0.00 | — | 0.02 | | May 9, 2020 | modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map. |
| CVE-2018-20167 | | | 0.00 | — | 0.03 | | Dec 17, 2018 | Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop… |
| CVE-2010-0991 | | | 0.00 | — | 0.02 | | Apr 22, 2010 | Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dependent attackers to execute arbitrary code via a crafted (1) ARGB, (2) XPM, or (3) BMP file, related to the IMAGE_DIMENSIONS_OK macro in lib/image.h. |
| CVE-2008-6079 | | | 0.00 | — | 0.03 | | Feb 6, 2009 | imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to "several heap and stack based buffer overflows - partly due to integer overflows." |
| CVE-2008-5187 | | | 0.00 | — | 0.04 | | Nov 21, 2008 | The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a… |
| CVE-2008-2426 | | | 0.00 | — | 0.06 | | Jun 2, 2008 | Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in… |
| CVE-2007-3568 | | | 0.00 | — | 0.02 | | Jul 5, 2007 | The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0. |
| CVE-2006-4809 | | | 0.00 | — | 0.04 | | Nov 7, 2006 | Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image. |
| CVE-2006-4808 | | | 0.00 | — | 0.04 | | Nov 7, 2006 | Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image. |
| CVE-2006-4806 | | | 0.00 | — | 0.04 | | Nov 7, 2006 | Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF… |
| CVE-2006-4807 | | | 0.00 | — | 0.02 | | Nov 7, 2006 | loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808. |
| CVE-2004-1026 | | | 0.00 | — | 0.05 | | Jan 10, 2005 | Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files. |
| CVE-2004-1025 | | | 0.00 | — | 0.05 | | Jan 10, 2005 | Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files. |
| CVE-2004-0817 | | | 0.00 | — | 0.05 | | Dec 31, 2004 | Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file. |
| CVE-2004-0802 | | | 0.00 | — | 0.03 | | Dec 31, 2004 | Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. |
| CVE-2004-0827 | | | 0.00 | — | 0.06 | | Sep 16, 2004 | Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files. |
| CVE-2002-0167 | | | 0.00 | — | 0.02 | | Apr 22, 2002 | Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain weaknesses of NetPBM. |
| CVE-2002-0168 | | | 0.00 | — | 0.02 | | Apr 22, 2002 | Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption. |