CVE-2024-25448
published 2024-02-09CVE-2024-25448: An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | imlib2 | < imlib2 1.10.0-2 (bookworm) | imlib2 1.10.0-2 (bookworm) |
| enlightenment | imlib2 | — | — |
| enlightenment | imlib2 | >= 0 < 1.7.1-2+deb11u1 | 1.7.1-2+deb11u1 |
| enlightenment | imlib2 | >= 0 < 1.10.0-2 | 1.10.0-2 |
| enlightenment | imlib2 | >= 0 < 1.10.0-2 | 1.10.0-2 |
| enlightenment | imlib2 | >= 0 < 1.10.0-2 | 1.10.0-2 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv8.8HIGH