TUCoPS :: Unix :: General
:: unix5218.htm
2nd Apr 2002 [SBWID-5218]
COMMAND
heap corruption in imlib
SYSTEMS AFFECTED
all versions prior imlib 1.9.13
PROBLEM
Accordingly with Connectiva Linux Security announcement CLA-2002:470 :
Imlib is a library that allows X11 programs to use images of various
file formats.
Alan Cox discovered some situations where a heap corruption may occur
when processing some malformed image.
Al Viro found that imlib was falling back to the NetPBM library when
processing some kind of images, but NetPBM is not suitable to process
untrusted image input.
An attacker could use a crafted image to exploit a program linked to
imlib (like a mailer program or an image viewer) and cause a DoS or
even remote code execution.
SOLUTION
Upgrade.