CVE-2008-2426 - Computer security: vulnerabilities and exploits database

[EN] securityvulns.ru
no-pyccku

CVE CVE-2008-2426
Status Candidate
Description Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c.
Severity High
CVSS score 9,3
CVSS vector (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Phase Assigned (06.09.2011)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-2426
References BID : 29417
BUGTRAQ : 20080529 Secunia Research: imlib2 PNM and XPM Buffer Overflow
DEBIAN : DSA-1594
FEDORA : FEDORA-2008-4842
FEDORA : FEDORA-2008-4871
FEDORA : FEDORA-2008-4950
GENTOO : GLSA-200806-03
MANDRIVA : MDVSA-2008:123
MISC : http://secunia.com/secunia_research/2008-25/advisory/
SECTRACK : 1020146
SECUNIA : 30401
SECUNIA : 30485
SECUNIA : 30572
SECUNIA : 30727
SECUNIA : 31982
SUSE : SUSE-SR:2008:018
UBUNTU : USN-697-1
VUPEN : ADV-2008-1700
XF : imlib2-pnm-xpm-bo(42732)
SecurityVulns: imlib2 library buffer overflow

test server