[arch-security] [ASA-201605-1] imlib2: multiple issues
Levente Polyak
anthraxx at archlinux.org
Wed May 4 00:07:41 UTC 2016
Arch Linux Security Advisory ASA-201605-1
=========================================
Severity: High
Date : 2016-05-01
CVE-ID : CVE-2011-5326 CVE-2016-3993 CVE-2016-3994 CVE-2016-4024
Package : imlib2
Type : multiple issues
Remote : Yes
Link : https://wiki.archlinux.org/index.php/CVE
Summary
=======
The package imlib2 before version 1.4.9-1 is vulnerable to multiple
issues that can lead to information leakage, application crash or
arbitrary code execution.
Resolution
==========
Upgrade to 1.4.9-1.
# pacman -Syu "imlib2>=1.4.9-1"
The problems have been fixed upstream in version 1.4.9.
Workaround
==========
None.
Description
===========
- CVE-2011-5326 (denial of service)
Kevin Ryde discovered that attempting to draw a 2x1 radi ellipse results
in a floating point exception.
- CVE-2016-3993 (information leakage)
Yuriy M. Kaminskiy discovered that drawing using coordinates from an
untrusted source could lead to an out-of-bound memory read, which in
turn could result in an application crash.
- CVE-2016-3994 (information Leakage)
Jakub Wilk discovered that a malformed image could lead to an
out-of-bound read in the GIF loader, which may result in an application
crash or information leak.
- CVE-2016-4024 (arbitrary code execution)
Yuriy M. Kaminskiy discovered an integer overflow that could lead to an
insufficient heap allocation and out-of-bound memory write.
Impact
======
An attacker can leverage vulnerable library calls in imlib2 to crash an
application, or read/write to the application's memory. This can lead to
potential information leak or modification of the application's flow.
References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4021
http://article.gmane.org/gmane.comp.window-managers.enlightenment.devel/64373
http://article.gmane.org/gmane.comp.security.oss.general/19276
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/arch-security/attachments/20160504/9bc21f8f/attachment.asc>
More information about the arch-security
mailing list