CVE-2008-2426: Improper Restriction of Operations within the Bounds of a Memory Buffer in Haitzler Imlib2

Severity
9.3 CRITICAL (NVD)
EPSS
7.3%
top 8.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Jun 2
Latest update: May 1

Description

Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c.

CVSS vector

AV:N/AC:M/C:C/I:C/A:C
Exploitability: 8.6 | Impact: 10.0

Affected Packages: 2 packages

Debian enlightenment/imlib2 < 1.4.0-1.1+3

🔴 Vulnerability Details (3)

GHSA
GHSA-vp39-rwgc-h3pg: Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1 (2022-05-01)
OSV
CVE-2008-2426: Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1 (2008-06-02)
CVEList
CVE-2008-2426: Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1 (2008-06-02)

📋 Vendor Advisories (4)

Ubuntu
Imlib2 vulnerability (2008-12-22)
Red Hat
imilb2: pointer arithmetic flaw in XPM loader (2008-11-14)
Red Hat
imlib2: buffer overflows in PNM and XPM loaders (2008-05-29)
Debian
CVE-2008-2426: imlib2 - Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-a... (2008)

💬 Community (2)

Bugzilla
CVE-2008-5187 imilb2: pointer arithmetic flaw in XPM loader (2008-11-21)
Bugzilla
CVE-2008-2426 imlib2: buffer overflows in PNM and XPM loaders (2008-05-30)