Gentoo Linux Security Advisory GLSA 200903-04 - Multiple boundary errors in DevIL may allow for the execution of arbitrary code. Stefan Cornelius (Secunia Research) discovered two boundary errors within the iGetHdrHeader() function in src-IL/src/il_hdr.c. Versions earlier than 1.7.7 are affected.
6968c1a9f3dc299f41f0c1b860ac8597572eccd32d40e16046428903f5f83fb7
Debian Security Advisory 1717 - Stefan Cornelius discovered a buffer overflow in devil, a cross-platform image loading and manipulation toolkit, which could be triggered via a crafted Radiance RGBE file. This could potentially lead to the execution of arbitrary code.
265e84e682128cc2db4b0e85ebb3365be5c458f93067eff4a6edd31c6a500945
Secunia Research has discovered two vulnerabilities in DevIL, which can be exploited by malicious people to compromise an application using the library. The vulnerabilities are caused by boundary errors within the "iGetHdrHeader()" function in src-IL/src/il_hdr.c. These can be exploited to cause a stack-based buffer overflow when processing specially crafted Radiance RGBE files. Successful exploitation allows execution of arbitrary code. Version 1.7.4 is affected.
2db7537f7ae4f1844e1079774d8e106853f8bddb5ad266889cca2a1bd47eac1a