Upstream information

CVE-2008-5187 at MITRE

Description

The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 7.5
Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Access Vector Network
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact Partial
Availability Impact Partial
SUSE Bugzilla entry: 447093 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Software Development Kit 11 SP4
  • imlib2 >= 1.4.2-2.18.53
  • imlib2-devel >= 1.4.2-2.18.53
  • imlib2-filters >= 1.4.2-2.18.53
  • imlib2-loaders >= 1.4.2-2.18.53
Patchnames:
SUSE Linux Enterprise Software Development Kit 11 SP4 GA imlib2
SUSE Linux Enterprise SDK 10 SP2
  • imlib2 >= 1.2.1-17.16
  • imlib2-devel >= 1.2.1-17.16
  • imlib2-loaders >= 1.2.1-17.16
sle10-sp2-sdk.s390x
sle10-sp2-sdk.ppc
sled10-sp2.x86-64
sle10-sp2-sdk.x86
sled10-sp2.x86
sle10-sp2-sdk.x86-64
sle10-sp2-sdk.ia64
ZYPP Patch Nr: 5832
openSUSE 11.0
  • imlib2-debuginfo >= 1.4.0-46.5
  • imlib2-debugsource >= 1.4.0-46.5
openSUSE 11.0
  • imlib2 >= 1.4.0-46.5
  • imlib2-devel >= 1.4.0-46.5
  • imlib2-filters >= 1.4.0-46.5
  • imlib2-loaders >= 1.4.0-46.5