[arch-security] [ASA-201605-1] imlib2: multiple issues

Levente Polyak anthraxx at archlinux.org
Wed May 4 00:07:41 UTC 2016


Arch Linux Security Advisory ASA-201605-1
=========================================

Severity: High
Date    : 2016-05-01
CVE-ID  : CVE-2011-5326 CVE-2016-3993 CVE-2016-3994 CVE-2016-4024
Package : imlib2
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/index.php/CVE

Summary
=======

The package imlib2 before version 1.4.9-1 is vulnerable to multiple
issues that can lead to information leakage, application crash or
arbitrary code execution.

Resolution
==========

Upgrade to 1.4.9-1.

# pacman -Syu "imlib2>=1.4.9-1"

The problems have been fixed upstream in version 1.4.9.

Workaround
==========

None.

Description
===========

- CVE-2011-5326 (denial of service)

Kevin Ryde discovered that attempting to draw a 2x1 radi ellipse results
in a floating point exception.

- CVE-2016-3993 (information leakage)

Yuriy M. Kaminskiy discovered that drawing using coordinates from an
untrusted source could lead to an out-of-bound memory read, which in
turn could result in an application crash.

- CVE-2016-3994 (information Leakage)

Jakub Wilk discovered that a malformed image could lead to an
out-of-bound read in the GIF loader, which may result in an application
crash or information leak.

- CVE-2016-4024 (arbitrary code execution)

Yuriy M. Kaminskiy discovered an integer overflow that could lead to an
insufficient heap allocation and out-of-bound memory write.

Impact
======

An attacker can leverage vulnerable library calls in imlib2 to crash an
application, or read/write to the application's memory. This can lead to
potential information leak or modification of the application's flow.

References
==========

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4021
http://article.gmane.org/gmane.comp.window-managers.enlightenment.devel/64373
http://article.gmane.org/gmane.comp.security.oss.general/19276

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20160504/9bc21f8f/attachment.asc>


More information about the arch-security mailing list