CVE-2016-4024

CWE-119 — Buffer Overflow11 documents7 sources

Severity

9.8CRITICAL

EPSS

9.6%

top 7.11%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Enlightenment Imlib2 Debian Debian Linux Opensuse Opensuse

Timeline

PublishedMay 13

Latest updateMay 14

Description

Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

▶Debianimlib2< 1.4.8-1+3

▶NVDenlightenment/imlib21.4.8

▶NVDopensuse/opensuse13.2

Also affects: Debian Linux 7.0, 8.0

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-w45c-xqv7-2g36: Integer overflow in imlib2 before 1↗2022-05-14

▶

OSV

imlib2 vulnerabilities↗2016-09-09

▶

CVEList

CVE-2016-4024: Integer overflow in imlib2 before 1↗2016-05-13

▶

OSV

CVE-2016-4024: Integer overflow in imlib2 before 1↗2016-05-13

▶

📋Vendor Advisories

Ubuntu

Imlib2 vulnerabilities↗2016-09-09

▶

Debian

CVE-2016-4024: imlib2 - Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attack...↗2016

▶

💬Community

Bugzilla

CVE-2016-4024 imlib2: integer overflow resulting in insufficient heap allocation [fedora-all]↗2016-04-15

▶

Bugzilla

CVE-2016-4024 imlib2: integer overflow resulting in insufficient heap allocation [epel-7]↗2016-04-15

▶

Bugzilla

CVE-2016-4024 imlib2: integer overflow resulting in insufficient heap allocation [epel-6]↗2016-04-15

▶

Bugzilla

CVE-2016-4024 imlib2: integer overflow resulting in insufficient heap allocation↗2016-04-15

▶