Bug#: 223965
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Matthias Geerdsen <vorlon@gentoo.org>

Description:   Opened: 2008-05-28 15:22 0000
This bug is marked confidential, do not disclose any information or commit
anything until the bug has been made public.

Secunia Research reports a vulnerability in imlib2 (CVE-2008-2426).
Preliminary disclosure date is 2008-06-11.

The following is an excerpt from the vulnerability report, more details are
available:
[...]
Credit: Stefan Cornelius, Secunia Research
[...]

-- Details --

1) There is a boundary error within the "load()" function in
src/modules/loaders/loader_pnm.c when reading the header of a PNM image
file, which can be exploited to cause a stack-based buffer overflow by
e.g. tricking a user into opening a specially crafted PNM image with an
application using the imlib2 library.
[...]
Successful exploitation allows the execution of arbitrary code.

2) There is a boundary error within the "load()" function in
src/modules/loader_xpm.c when processing an XPM image file, which can be
exploited to cause a stack-based buffer overflow by e.g. tricking a user
into opening a specially crafted XPM image with an application using the
imlib2 library.
[...]
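
Added example (not part of the Secunia report, and not imlib2's code or the upstream patch): a PNM header reader that enforces the kind of bound whose absence item 1 describes, rejecting any header field that does not fit its stack buffer. The function names, TOKEN_CAP and MAX_DIM are assumptions made for this example.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>

#define TOKEN_CAP 16    /* assumption: room for any sane decimal header field */
#define MAX_DIM   32767 /* assumption: dimension limit chosen for this example */

/* Copy the next whitespace-delimited token into buf (capacity cap).
 * Returns 0 on success, -1 at end of input, -2 if the token does not fit. */
static int read_token(const unsigned char *d, size_t len, size_t *pos,
                      char *buf, size_t cap)
{
    size_t i = 0;
    for (;;) {                      /* skip whitespace and '#' comment lines */
        while (*pos < len && isspace(d[*pos])) (*pos)++;
        if (*pos < len && d[*pos] == '#')
            while (*pos < len && d[*pos] != '\n') (*pos)++;
        else
            break;
    }
    while (*pos < len && !isspace(d[*pos])) {
        if (i + 1 >= cap)           /* the bound an unchecked copy loop lacks */
            return -2;              /* reject instead of writing past buf */
        buf[i++] = (char)d[(*pos)++];
    }
    buf[i] = '\0';
    return i ? 0 : -1;
}

/* Parse magic, width and height. Returns 0 on success, -1 for a bad magic,
 * -2 for a missing or oversized field, -3 for a non-numeric or out-of-range one. */
int pnm_parse_header(const unsigned char *d, size_t len, int *w, int *h)
{
    char tok[TOKEN_CAP], *end;
    size_t pos = 0;
    long v[2];

    if (read_token(d, len, &pos, tok, sizeof tok) != 0) return -1;
    if (tok[0] != 'P' || tok[1] < '1' || tok[1] > '6' || tok[2] != '\0') return -1;
    for (int k = 0; k < 2; k++) {
        if (read_token(d, len, &pos, tok, sizeof tok) != 0) return -2;
        errno = 0;
        v[k] = strtol(tok, &end, 10);
        if (errno || *end != '\0' || v[k] < 1 || v[k] > MAX_DIM) return -3;
    }
    *w = (int)v[0]; *h = (int)v[1];
    return 0;
}
```
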

------- Comment #1 From Matthias Geerdsen 2008-05-28 15:25:06 0000 -------
upstream has been contacted by secunia btw

------- Comment #2 From Matthias Geerdsen 2008-05-29 15:00:50 0000 -------
public via $URL

patch is supposed to be in CVS according to that advisory

------- Comment #3 From Tomas Hoger 2008-05-30 09:36:22 0000 -------
Patches from upstream CVS:

https://bugzilla.redhat.com/show_bug.cgi?id=449073#c4

HTH

------- Comment #4 From SpanKY 2008-05-31 05:42:43 0000 -------
ive added 1.4.0-r1 and imlib2-1.4.1.000-r1 to the tree ... while both should be
fine for stable, i imagine people would be more comfortable with the former

------- Comment #5 From Robert Buchholz 2008-05-31 09:11:44 0000 -------
That was a straight-to-stable bump for 1.4.0-r1 ;-)

So going directly to [glsa]

------- Comment #6 From SpanKY 2008-05-31 10:51:31 0000 -------
imlib2-1.4.0-r1 isnt in stable ...

------- Comment #7 From Robert Buchholz 2008-05-31 23:34:06 0000 -------
(In reply to comment #6)
> imlib2-1.4.0-r1 isnt in stable ...

You are right. In that case, it seems there is a bug in adjutrix, because it
actually outputs the version as stable:
...
1.4.0-r1     | + + + + +   + + +   + +   + ~ |
...
grep KEYWORDS proves you right:
imlib2-1.4.0-r1.ebuild:KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc
~ppc64 ~sh ~sparc ~x86 ~x86-fbsd"

------- Comment #8 From Robert Buchholz 2008-05-31 23:34:51 0000 -------
Arches, please test and mark stable:
=media-libs/imlib2-1.4.0-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86"

------- Comment #9 From Christian Faulhammer 2008-06-01 08:45:34 0000 -------
x86 stable

------- Comment #10 From Markus Rothe 2008-06-01 10:54:27 0000 -------
ppc64 stable

------- Comment #11 From Jeroen Roovers 2008-06-02 04:14:00 0000 -------
Stable for HPPA.

------- Comment #12 From Raúl Porcel 2008-06-02 10:24:08 0000 -------
alpha/ia64/sparc stable

------- Comment #13 From Steve Dibb 2008-06-03 14:20:05 0000 -------
amd64 stable

------- Comment #14 From Tobias Scherbaum 2008-06-05 18:06:53 0000 -------
ppc stable

------- Comment #15 From Peter Volkov 2008-06-06 07:52:26 0000 -------
Fixed in release snapshot.

------- Comment #16 From Tobias Heinlein 2008-06-06 17:05:54 0000 -------
GLSA request filed.

------- Comment #17 From Tobias Heinlein 2008-06-08 20:52:09 0000 -------
GLSA 200806-03
