Arch Linux Security Advisory ASA-201605-1 ========================================= Severity: High Date : 2016-05-01 CVE-ID : CVE-2011-5326 CVE-2016-3993 CVE-2016-3994 CVE-2016-4024 Package : imlib2 Type : multiple issues Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package imlib2 before version 1.4.9-1 is vulnerable to multiple issues that can lead to information leakage, application crash or arbitrary code execution. Resolution ========== Upgrade to 1.4.9-1. # pacman -Syu "imlib2>=1.4.9-1" The problems have been fixed upstream in version 1.4.9. Workaround ========== None. Description =========== - CVE-2011-5326 (denial of service) Kevin Ryde discovered that attempting to draw a 2x1 radi ellipse results in a floating point exception. - CVE-2016-3993 (information leakage) Yuriy M. Kaminskiy discovered that drawing using coordinates from an untrusted source could lead to an out-of-bound memory read, which in turn could result in an application crash. - CVE-2016-3994 (information Leakage) Jakub Wilk discovered that a malformed image could lead to an out-of-bound read in the GIF loader, which may result in an application crash or information leak. - CVE-2016-4024 (arbitrary code execution) Yuriy M. Kaminskiy discovered an integer overflow that could lead to an insufficient heap allocation and out-of-bound memory write. Impact ====== An attacker can leverage vulnerable library calls in imlib2 to crash an application, or read/write to the application's memory. This can lead to potential information leak or modification of the application's flow. References ========== https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5326 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3993 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3994 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4021 http://article.gmane.org/gmane.comp.window-managers.enlightenment.devel/6437... http://article.gmane.org/gmane.comp.security.oss.general/19276