Mandriva Linux Security Advisory - M Joonas Pihlaja discovered several vulnerabilities in the Imlib2 graphics library. The load() function of several of the Imlib2 image loaders does not check the width and height of an image before allocating memory. As a result, a carefully crafted image file can trigger a segfault when an application using Imlib2 attempts to view the image. The tga loader fails to bounds check input data to make sure the input data does not load outside the memory mapped region. The RLE decoding loops of the load() function in the tga loader does not check that the count byte of an RLE packet does not cause a heap overflow of the pixel buffer. The load() function of the pnm loader writes arbitrary length user data into a fixed size stack allocated buffer buf[] without bounds checking.
1c20ca2a09cf52db44cc93afd878f7cd7a24dabb1835fefb06d9dc2db1684701
Mandriva Linux Security Advisory MDKSA-2006-198 - M Joonas Pihlaja discovered several vulnerabilities in the Imlib2 graphics library. The load() function of several of the Imlib2 image loaders does not check the width and height of an image before allocating memory. As a result, a carefully crafted image file can trigger a segfault when an application using Imlib2 attempts to view the image. The tga loader fails to bounds check input data to make sure the input data doesn't load outside the memory mapped region. The RLE decoding loops of the load() function in the tga loader does not check that the count byte of an RLE packet doesn't cause a heap overflow of the pixel buffer. The load() function of the pnm loader writes arbitrary length user data into a fixed size stack allocated buffer buf[] without bounds checking.
5f146088a491c0f2993a9b37375b3a0bb487d565a6619ca743b1d4af83d55412
Ubuntu Security Notice 376-2 - USN-376-1 provided an update to imlib2 to fix several security vulnerabilities. Unfortunately the update broke JPG file handling in certain situations. This update corrects this problem.
bd4fe9fe1aa452e6467dee81e051a5253609740aaa03f4a5f27b809295f107fb
Ubuntu Security Notice 376-1 - M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user were tricked into viewing or processing a specially crafted image with an application that uses imlib2, the flaws could be exploited to execute arbitrary code with the user's privileges.
6cf2948be4982cc7e0d1c19c4b6b0c6bd6da9919d184d4b607e1a34c0636f3b1