PT-2006-1077 · Enlightenment Foundation Libraries · Imlib2

M. Joonas Pihlaja

Published

2006-11-07

Updated

2017-07-20

CVE-2006-4808

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: imlib2 versions prior to 1.3.0 imlib2 versions prior to 1.2.1

Description: The issue is related to a heap-based buffer overflow in the loader tga.c file of imlib2, which can be exploited by remote attackers using a crafted TGA image, potentially leading to a denial of service or execution of arbitrary code. Multiple vulnerabilities in the imlib2 package can compromise the confidentiality, integrity, and availability of protected information and can be exploited remotely.

Recommendations: For imlib2 versions prior to 1.2.1, update to version 1.2.1 or later. For imlib2 versions prior to 1.3.0, update to version 1.3.0 or later. As a temporary workaround, consider avoiding the use of TGA images with imlib2 until a patch is available.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

BDU:2015-09534

CVE-2006-4808

Affected Products

Imlib2

PT-2006-1077 · Enlightenment Foundation Libraries · Imlib2

CVE-2006-4808

Related Identifiers

Affected Products

References · 21