CVE-2016-4024: Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers…

critical9.8CVSS 3.0

AVNACLPRNUINSUCHIHAH

Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.

Affected

11 ranges

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	imlib2	< imlib2 1.4.8-1 (bookworm)	imlib2 1.4.8-1 (bookworm)
enlightenment	imlib2	<= 1.4.8	—
enlightenment	imlib2	>= 0 < 1.4.8-1	1.4.8-1
enlightenment	imlib2	>= 0 < 1.4.8-1	1.4.8-1
enlightenment	imlib2	>= 0 < 1.4.8-1	1.4.8-1
enlightenment	imlib2	>= 0 < 1.4.8-1	1.4.8-1
enlightenment	imlib2	>= 0 < 1.4.6-2ubuntu0.1	1.4.6-2ubuntu0.1
enlightenment	imlib2	>= 0 < 1.4.7-1ubuntu0.1	1.4.7-1ubuntu0.1
opensuse	opensuse	—	—

CVSS provenance

nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

osv9.8CRITICAL