Description
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
Affected products
- conectiva / linux – 9.0
- conectiva / linux – 10.0
- enlightenment / imlib – 1.9
- enlightenment / imlib – 1.9.5
- enlightenment / imlib – 1.9.6
- enlightenment / imlib – 1.9.7
- enlightenment / imlib – 1.9.8
- enlightenment / imlib – 1.9.9
- enlightenment / imlib – 1.9.10
- enlightenment / imlib – 1.9.11
- enlightenment / imlib – 1.9.12
- enlightenment / imlib – 1.9.13
- enlightenment / imlib – 1.9.14
- enlightenment / imlib – 1.9.2
- enlightenment / imlib – 1.9.4
- enlightenment / imlib – 1.9.1
- enlightenment / imlib – 1.9.3
- enlightenment / imlib2 – 1.0.2
- enlightenment / imlib2 – 1.0.3
- enlightenment / imlib2 – 1.0.4
- enlightenment / imlib2 – 1.0.5
- enlightenment / imlib2 – 1.1
- enlightenment / imlib2 – 1.1.1
- enlightenment / imlib2 – 1.0
- enlightenment / imlib2 – 1.0.1
- ImageMagick / ImageMagick – 5.4.8
- ImageMagick / ImageMagick – 5.3.3
- ImageMagick / ImageMagick – 5.4.3
- ImageMagick / ImageMagick – 5.4.4.5
- ImageMagick / ImageMagick – 5.4.7
- ImageMagick / ImageMagick – 5.4.8.2.1.1.0
- ImageMagick / ImageMagick – 5.5.3.2.1.2.0
- ImageMagick / ImageMagick – 5.5.6.0_2003-04-09
- ImageMagick / ImageMagick – 5.5.7
- ImageMagick / ImageMagick – 6.0.2
- mandrakesoft / mandrake_linux – 9.2
- mandrakesoft / mandrake_linux – 10.0
- mandrakesoft / mandrake_linux_corporate_server – 2.1
- RedHat / enterprise_linux – 3.0
- RedHat / enterprise_linux – 2.1
- RedHat / enterprise_linux_desktop – 3.0
- RedHat / fedora_core – core_3.0
- RedHat / fedora_core – core_1.0
- RedHat / fedora_core – core_2.0
- RedHat / linux_advanced_workstation – 2.1
- sun / java_desktop_system – 2003
- sun / java_desktop_system – 2.0
- SUSE / suse_linux – 8.0
- SUSE / suse_linux – 8.1
- SUSE / suse_linux – 8.2
- SUSE / suse_linux – 9.0
- SUSE / suse_linux – 9.1
- SUSE / suse_linux – 9.2
- turbolinux / turbolinux_desktop – 10.0
- turbolinux / turbolinux_server – 7.0
- turbolinux / turbolinux_server – 8.0
- turbolinux / turbolinux_workstation – 7.0
- turbolinux / turbolinux_workstation – 8.0
- Ubuntu / ubuntu_linux – 4.1
References
- MISC: http://cvs.sourceforge.net/viewcvs.py/enlightenment/e17/libs/imlib2/ChangeLog?rev=1.20&view=markup
- MISC: http://www.vuxml.org/freebsd/ba005226-fb5b-11d8-9837-000c41e2cdad.html
- MISC: http://sunsolve.sun.com/search/document.do?assetkey=1-66-201611-1
- MISC: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000870
- MISC: https://exchange.xforce.ibmcloud.com/vulnerabilities/17183
- MISC: http://www.securityfocus.com/bid/11084
- VENDOR_ADVISORY: http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:089
- MISC: http://www.gentoo.org/security/en/glsa/glsa-200409-12.xml