Executive Summary

Summary
Title New imlib2 packages fix arbitrary code execution
Informations
Name DSA-2029 First vendor Publication 2010-04-05
Vendor Debian Last vendor Modification 2010-04-05
Severity (Vendor) N/A Revision 1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 10 Attack Range Network
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 10 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

It was discovered that imlib2, a library to load and process several image formats, did not properly process various image file types. Several heap and stack based buffer overflows - partly due to integer overflows - in the ARGB, BMP, JPEG, LBM, PNM, TGA and XPM loaders can lead to the execution of arbitrary code via crafted image files.

For the stable distribution (lenny), this problem has been fixed in version 1.4.0-1.2+lenny1.

For the testing distribution (squeeze), this problem has been fixed in version 1.4.2-1.

For the unstable distribution (sid), this problem has been fixed in version 1.4.2-1.

Original Source

Url : http://www.debian.org/security/2010/dsa-2029

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13415
 
Oval ID: oval:org.mitre.oval:def:13415
Title: DSA-2029-1 imlib2 -- several
Description: It was discovered that imlib2, a library to load and process several image formats, did not properly process various image file types. Several heap and stack based buffer overflows - partly due to integer overflows - in the ARGB, BMP, JPEG, LBM, PNM, TGA and XPM loaders can lead to the execution of arbitrary code via crafted image files. For the stable distribution, this problem has been fixed in version 1.4.0-1.2+lenny1. For the testing distribution, this problem has been fixed in version 1.4.2-1. For the unstable distribution, this problem has been fixed in version 1.4.2-1.
Family: unix Class: patch
Reference(s): DSA-2029-1
CVE-2008-6079
 Version: 5
Platform(s): Debian GNU/Linux 5.0
 Product(s): imlib2
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:6745
 
Oval ID: oval:org.mitre.oval:def:6745
Title: DSA-2029 imlib2 -- several vulnerabilities
Description: It was discovered that imlib2, a library to load and process several image formats, did not properly process various image file types. Several heap and stack based buffer overflows - partly due to integer overflows - in the ARGB, BMP, JPEG, LBM, PNM, TGA and XPM loaders can lead to the execution of arbitrary code via crafted image files.
Family: unix Class: patch
Reference(s): DSA-2029
CVE-2008-6079
 Version: 5
Platform(s): Debian GNU/Linux 5.0
 Product(s): imlib2
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 14

OpenVAS Exploits

Date Description
2010-07-06 Name : Mandriva Update for imlib2 MDVSA-2010:127 (imlib2)
File : nvt/gb_mandriva_MDVSA_2010_127.nasl
2010-04-29 Name : Mandriva Update for kde4-style-iaora MDVA-2010:127 (kde4-style-iaora)
File : nvt/gb_mandriva_MDVA_2010_127.nasl
2010-04-21 Name : Debian Security Advisory DSA 2029-1 (imlib2)
File : nvt/deb_2029_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
49259 imlib2 Multiple Unspecified Issues

Nessus® Vulnerability Scanner

Date Description
2010-07-30 Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2010-127.nasl - Type : ACT_GATHER_INFO
2010-04-06 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2029.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2014-02-17 11:29:21
  • Multiple Updates