imlib2 'src/lib/image.h' Remote Buffer Overflow Vulnerability

Bugtraq ID:	39604
Class:	Boundary Condition Error
CVE:	CVE-2010-0991
Remote:	Yes
Local:	No
Published:	Apr 21 2010 12:00AM
Updated:	Apr 21 2010 12:00AM
Credit:	Stefan Cornelius, Secunia Research
Vulnerable:	Enlightenment Imlib2 1.4.3
Not Vulnerable:

imlib2 'src/lib/image.h' Remote Buffer Overflow Vulnerability

imlib2 is prone to a remote buffer-overflow vulnerability.

Attackers can exploit this issue to execute arbitrary code in the context of the user running the application that uses the affected library. Failed exploit attempts may result in a denial-of-service condition.

imlib2 1.4.3 is affected; other versions may also be vulnerable.

imlib2 'src/lib/image.h' Remote Buffer Overflow Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of any more recent information, please mail us at: [email protected].

imlib2 'src/lib/image.h' Remote Buffer Overflow Vulnerability

Solution:
Reportedly the vendor has fixed the issue in the SVN repository. Please see the references for more information.

imlib2 'src/lib/image.h' Remote Buffer Overflow Vulnerability

References:

• Imlib2 Homepage (Imlib2)
  
• Secunia Research: imlib2 'IMAGE_DIMENSIONS_OK()' Logic Error (Secunia)