CVE-2004-0817

Description

Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

Affected products

• conectiva / linux9.0 – 9.0
• conectiva / linux10.0 – 10.0
• enlightenment / imlib1.9 – 1.9
• enlightenment / imlib1.9.5 – 1.9.5
• enlightenment / imlib1.9.6 – 1.9.6
• enlightenment / imlib1.9.7 – 1.9.7
• enlightenment / imlib1.9.8 – 1.9.8
• enlightenment / imlib1.9.9 – 1.9.9
• enlightenment / imlib1.9.10 – 1.9.10
• enlightenment / imlib1.9.11 – 1.9.11
• enlightenment / imlib1.9.12 – 1.9.12
• enlightenment / imlib1.9.13 – 1.9.13
• enlightenment / imlib1.9.14 – 1.9.14
• enlightenment / imlib1.9.2 – 1.9.2
• enlightenment / imlib1.9.4 – 1.9.4
• enlightenment / imlib1.9.1 – 1.9.1
• enlightenment / imlib1.9.3 – 1.9.3
• enlightenment / imlib21.0.2 – 1.0.2
• enlightenment / imlib21.0.3 – 1.0.3
• enlightenment / imlib21.0.4 – 1.0.4
• enlightenment / imlib21.0.5 – 1.0.5
• enlightenment / imlib21.1 – 1.1
• enlightenment / imlib21.1.1 – 1.1.1
• enlightenment / imlib21.0 – 1.0
• enlightenment / imlib21.0.1 – 1.0.1
• ImageMagick / ImageMagick5.4.8 – 5.4.8
• ImageMagick / ImageMagick5.3.3 – 5.3.3
• ImageMagick / ImageMagick5.4.3 – 5.4.3
• ImageMagick / ImageMagick5.4.4.5 – 5.4.4.5
• ImageMagick / ImageMagick5.4.7 – 5.4.7
• ImageMagick / ImageMagick5.4.8.2.1.1.0 – 5.4.8.2.1.1.0
• ImageMagick / ImageMagick5.5.3.2.1.2.0 – 5.5.3.2.1.2.0
• ImageMagick / ImageMagick5.5.6.0_2003-04-09 – 5.5.6.0_2003-04-09
• ImageMagick / ImageMagick5.5.7 – 5.5.7
• ImageMagick / ImageMagick6.0.2 – 6.0.2
• mandrakesoft / mandrake_linux9.2 – 9.2
• mandrakesoft / mandrake_linux9.2 – 9.2
• mandrakesoft / mandrake_linux10.0 – 10.0
• mandrakesoft / mandrake_linux10.0 – 10.0
• mandrakesoft / mandrake_linux_corporate_server2.1 – 2.1
• mandrakesoft / mandrake_linux_corporate_server2.1 – 2.1
• RedHat / enterprise_linux3.0 – 3.0
• RedHat / enterprise_linux3.0 – 3.0
• RedHat / enterprise_linux2.1 – 2.1
• RedHat / enterprise_linux2.1 – 2.1
• RedHat / enterprise_linux2.1 – 2.1
• RedHat / enterprise_linux2.1 – 2.1
• RedHat / enterprise_linux2.1 – 2.1
• RedHat / enterprise_linux2.1 – 2.1
• RedHat / enterprise_linux3.0 – 3.0
• RedHat / enterprise_linux_desktop3.0 – 3.0
• RedHat / fedora_corecore_3.0 – core_3.0
• RedHat / fedora_corecore_1.0 – core_1.0
• RedHat / fedora_corecore_2.0 – core_2.0
• RedHat / linux_advanced_workstation2.1 – 2.1
• RedHat / linux_advanced_workstation2.1 – 2.1
• sun / java_desktop_system2003 – 2003
• sun / java_desktop_system2.0 – 2.0
• SUSE / suse_linux8.0 – 8.0
• SUSE / suse_linux8.0 – 8.0
• SUSE / suse_linux8.1 – 8.1
• SUSE / suse_linux8.2 – 8.2
• SUSE / suse_linux9.0 – 9.0
• SUSE / suse_linux9.0 – 9.0
• SUSE / suse_linux9.1 – 9.1
• SUSE / suse_linux9.2 – 9.2
• turbolinux / turbolinux_desktop10.0 – 10.0
• turbolinux / turbolinux_server7.0 – 7.0
• turbolinux / turbolinux_server8.0 – 8.0
• turbolinux / turbolinux_workstation7.0 – 7.0
• turbolinux / turbolinux_workstation8.0 – 8.0
• Ubuntu / ubuntu_linux4.1 – 4.1
• Ubuntu / ubuntu_linux4.1 – 4.1

References

• MISChttp://www.redhat.com/support/errata/RHSA-2004-465.html
• VENDOR_ADVISORYhttp://www.debian.org/security/2004/dsa-548
• VENDOR_ADVISORYhttp://www.mandriva.com/security/advisories?name=MDKSA-2004:089
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/17182
• MISChttp://sunsolve.sun.com/search/document.do?assetkey=1-66-201611-1
• MISChttp://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000870
• MISChttp://www.securityfocus.com/bid/11084
• MISChttps://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8843
• MISChttp://www.gentoo.org/security/en/glsa/glsa-200409-12.xml