Enlightenment Imlib2 vulnerabilities

22 known vulnerabilities affecting enlightenment/imlib2.

Total CVEs: 22
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 3, HIGH 13, MEDIUM 4, LOW 2

Vulnerabilities

Page 1 of 2
CVE-2024-25447 | HIGH | CVSS 8.8 | v1.9.1 | 2024-02-09
CWE-787: An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
nvd
CVE-2024-25448 | HIGH | CVSS 8.8 | v1.9.1 | 2024-02-09
CWE-787: An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
nvd
CVE-2024-25450 | HIGH | CVSS 8.8 | v1.9.1 | 2024-02-09
CWE-401: imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
nvd
CVE-2020-12761 | CRITICAL | CVSS 9.1 | v1.6.0 | 2020-05-09
CWE-125: modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map.
nvd
CVE-2016-4024 | CRITICAL | CVSS 9.8 | ≤ 1.4.8 | 2016-05-13
CWE-119: Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.
nvd
CVE-2014-9762 | HIGH | CVSS 7.5 | ≤ 1.4.6 | 2016-05-13
CWE-20: imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap.
nvd
CVE-2014-9763 | HIGH | CVSS 7.5 | ≤ 1.4.6 | 2016-05-13
CWE-189: imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file.
nvd
CVE-2016-3994 | HIGH | CVSS 8.2 | ≤ 1.4.8 | 2016-05-13
CWE-119: The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.
nvd
CVE-2011-5326 | HIGH | CVSS 7.5 | ≤ 1.4.8 | 2016-05-13
CWE-189: imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.
nvd
CVE-2014-9764 | HIGH | CVSS 7.5 | ≤ 1.4.6 | 2016-05-13
CWE-20: imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file.
nvd
CVE-2014-9771 | HIGH | CVSS 7.5 | ≤ 1.4.6 | 2016-05-13
Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation.
nvd
CVE-2016-3993 | HIGH | CVSS 7.5 | ≤ 1.4.8 | 2016-05-13
CWE-119: Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.
nvd
CVE-2010-0991 | MEDIUM | CVSS 6.8 | v1.4.3 | 2010-04-22
CWE-119: Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dependent attackers to execute arbitrary code via a crafted (1) ARGB, (2) XPM, or (3) BMP file, related to the IMAGE_DIMENSIONS_OK macro in lib/image.h.
nvd
CVE-2008-6079 | CRITICAL | CVSS 10.0 | ≤ 1.4.1, v1.0, +12 more | 2009-02-06
imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to "several heap and stack based buffer overflows - partly due to integer overflows."
nvd
CVE-2008-5187 | HIGH | CVSS 7.5 | v1.4.2 | 2008-11-21
The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426.
nvd
CVE-2006-4806 | MEDIUM | CVSS 5.1 | v1.0, v1.0.1, +10 more | 2006-11-07
Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images.
nvd
CVE-2006-4809 | MEDIUM | CVSS 5.1 | v1.0, v1.0.1, +7 more | 2006-11-07
Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.
nvd
CVE-2006-4808 | LOW | CVSS 2.6 | v1.0, v1.0.1, +7 more | 2006-11-07
Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image.
nvd
CVE-2006-4807 | LOW | CVSS 2.6 | v1.0, v1.0.1, +7 more | 2006-11-07
loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.
nvd
CVE-2004-0817 | HIGH | CVSS 7.5 | v1.0, v1.0.1, +6 more | 2004-12-31
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
nvd