CVE-2020-12761

Name of the Vulnerable Software and Affected Versions Imlib2 version 1.6.0

Description The issue is related to an integer overflow in the modules/loaders/loader ico.c component of the Imlib2 image processing library, which can lead to invalid memory allocations and out-of-bounds reads. This can be triggered by an icon with a large number of colors in its color map. Exploitation of this issue may allow a remote attacker to cause a denial of service.

Recommendations For Imlib2 version 1.6.0, consider restricting the use of the loader ico.c component until a patch is available. As a temporary workaround, avoid using icons with a large number of colors in their color maps to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.