Bug 223965 - media-libs/imlib2 <1.4.0-r1 PNM and XPM Buffer Overflow Vulnerabilities (CVE-2008-2426)
Bug#: 223965 (CVE-2008-2426) Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: vorlon@gentoo.org
Component: Vulnerabilities
URL:  http://secunia.com/advisories/30401/
Summary: media-libs/imlib2 <1.4.0-r1 PNM and XPM Buffer Overflow Vulnerabilities (CVE-2008-2426)
Keywords:  
Status Whiteboard: B2 [glsa]
Opened: 2008-05-28 15:22 0000
Description:   Opened: 2008-05-28 15:22 0000 
This bug is marked confidential, do not disclose any information or commit
anything until the bug has been made public.

Secunia Research reports a vulnerability in imlib2 (CVE-2008-2426).
Preliminary disclosure date is 2008-06-11.

The following is an excerpt from the vulnerability report, more details are
available:
[...]
Credit: Stefan Cornelius, Secunia Research
[...]

-- Details --

1) There is a boundary error within the "load()" function in
src/modules/loaders/loader_pnm.c when reading the header of an PNM image
file, which can be exploited to cause a stack-based buffer overflow by
e.g. tricking a user into opening a specially crafted PNM image with an
application using the imlib2 library.
[...]
Successful exploitation allows the execution of arbitrary code.

2) There is a boundary error within the "load()" function in
src/modules/loader_xpm.c when processing an XPM image file, which can be
exploited to cause a stack-based buffer overflow by e.g. tricking a user
into opening a specially crafted XPM image with an application using the
imlib2 library.
[...]

------- Comment #1 From Matthias Geerdsen 2008-05-28 15:25:06 0000 ------- 
upstream has been contacted by secunia btw

------- Comment #2 From Matthias Geerdsen 2008-05-29 15:00:50 0000 ------- 
public via $URL

patch is supposed to be in CVS according to that advisory

------- Comment #3 From Tomas Hoger 2008-05-30 09:36:22 0000 ------- 
Patches from upstream CVS:

https://bugzilla.redhat.com/show_bug.cgi?id=449073#c4

HTH

------- Comment #4 From SpanKY 2008-05-31 05:42:43 0000 ------- 
ive added 1.4.0-r1 and imlib2-1.4.1.000-r1 to the tree ... while both should be
fine for stable, i imagine people would be more comfortable with the former

------- Comment #5 From Robert Buchholz 2008-05-31 09:11:44 0000 ------- 
That was a straight-to-stable bump for 1.4.0-r1 ;-)

So going directly to [glsa]

------- Comment #6 From SpanKY 2008-05-31 10:51:31 0000 ------- 
imlib2-1.4.0-r1 isnt in stable ...

------- Comment #7 From Robert Buchholz 2008-05-31 23:34:06 0000 ------- 
(In reply to comment #6)
> imlib2-1.4.0-r1 isnt in stable ...

You are right. In that case, it seems there is a bug in adjutrix, because it
actually outputs the version as stable:
...
1.4.0-r1     | + + + + +   + + +   + +   + ~ |
...
grep KEYWORDS proves you right:
imlib2-1.4.0-r1.ebuild:KEYWORDS="~alpha ~amd64 ~arm ~hppa ~ia64 ~mips ~ppc
~ppc64 ~sh ~sparc ~x86 ~x86-fbsd"

------- Comment #8 From Robert Buchholz 2008-05-31 23:34:51 0000 ------- 
Arches, please test and mark stable:
=media-libs/imlib2-1.4.0-r1
Target keywords : "alpha amd64 arm hppa ia64 ppc ppc64 release sh sparc x86"

------- Comment #9 From Christian Faulhammer 2008-06-01 08:45:34 0000 ------- 
x86 stable

------- Comment #10 From Markus Rothe 2008-06-01 10:54:27 0000 ------- 
ppc64 stable

------- Comment #11 From Jeroen Roovers 2008-06-02 04:14:00 0000 ------- 
Stable for HPPA.

------- Comment #12 From Raúl Porcel 2008-06-02 10:24:08 0000 ------- 
alpha/ia64/sparc stable

------- Comment #13 From Steve Dibb 2008-06-03 14:20:05 0000 ------- 
amd64 stable

------- Comment #14 From Tobias Scherbaum 2008-06-05 18:06:53 0000 ------- 
ppc stable

------- Comment #15 From Peter Volkov 2008-06-06 07:52:26 0000 ------- 
Fixed in release snapshot.

------- Comment #16 From Tobias Heinlein 2008-06-06 17:05:54 0000 ------- 
GLSA request filed.

------- Comment #17 From Tobias Heinlein 2008-06-08 20:52:09 0000 ------- 
GLSA 200806-03