Secunia Research has discovered two vulnerabilities in DevIL, which can be exploited by malicious people to compromise an application using the library. The vulnerabilities are caused due to boundary errors within the "iGetHdrHeader()" function in src-IL/src/il_hdr.c. These can be exploited to cause a stack-based buffer overflow when processing specially crafted Radiance RGBE files. Successful exploitation allows execution of arbitrary code. Version 1.7.4 is affected.
2db7537f7ae4f1844e1079774d8e106853f8bddb5ad266889cca2a1bd47eac1a