ID CVE-2006-4809
Summary Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.
Vulnerable Configurations
  • cpe:2.3:a:enlightenment:imlib2:1.0
  • cpe:2.3:a:enlightenment:imlib2:1.0.1
  • cpe:2.3:a:enlightenment:imlib2:1.0.2
  • cpe:2.3:a:enlightenment:imlib2:1.0.3
  • cpe:2.3:a:enlightenment:imlib2:1.0.4
  • cpe:2.3:a:enlightenment:imlib2:1.0.5
  • cpe:2.3:a:enlightenment:imlib2:1.1
  • cpe:2.3:a:enlightenment:imlib2:1.1.1
  • cpe:2.3:a:enlightenment:imlib2:1.1.2
CVSS
Base: 5.1 (as of 09-11-2006 - 10:32)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity HIGH
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity PARTIAL
  • Availability PARTIAL
nessus via4
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200612-20.NASL
    description The remote host is affected by the vulnerability described in GLSA-200612-20 (imlib2: Multiple vulnerabilities) M. Joonas Pihlaja discovered several buffer overflows in loader_argb.c, loader_png.c, loader_lbm.c, loader_jpeg.c, loader_tiff.c, loader_tga.c, loader_pnm.c and an out-of-bounds memory read access in loader_tga.c. Impact : An attacker can entice a user to process a specially crafted JPG, ARGB, PNG, LBM, PNM, TIFF, or TGA image with an 'imlib2*' binary or another application using the imlib2 libraries. Successful exploitation of the buffer overflows causes the execution of arbitrary code with the permissions of the user running the application. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 23957
    published 2006-12-30
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23957
    title GLSA-200612-20 : imlib2: Multiple vulnerabilities
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2006-198.NASL
    description M Joonas Pihlaja discovered several vulnerabilities in the Imlib2 graphics library. The load() function of several of the Imlib2 image loaders does not check the width and height of an image before allocating memory. As a result, a carefully crafted image file can trigger a segfault when an application using Imlib2 attempts to view the image. (CVE-2006-4806) The tga loader fails to bounds check input data to make sure the input data doesn't load outside the memory mapped region. (CVE-2006-4807) The RLE decoding loops of the load() function in the tga loader does not check that the count byte of an RLE packet doesn't cause a heap overflow of the pixel buffer. (CVE-2006-4808) The load() function of the pnm loader writes arbitrary length user data into a fixed size stack allocated buffer buf[] without bounds checking. (CVE-2006-4809) Updated packages have been patched to correct these issues. Update : An error in the previous patchset may affect JPEG image handling for certain valid images. This new update corrects this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 24583
    published 2007-02-18
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=24583
    title Mandrake Linux Security Advisory : imlib2 (MDKSA-2006:198-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2007-156.NASL
    description M Joonas Pihlaja discovered several vulnerabilities in the Imlib2 graphics library. The load() function of several of the Imlib2 image loaders does not check the width and height of an image before allocating memory. As a result, a carefully crafted image file can trigger a segfault when an application using Imlib2 attempts to view the image. (CVE-2006-4806) The tga loader fails to bounds check input data to make sure the input data doesn't load outside the memory mapped region. (CVE-2006-4807) The RLE decoding loops of the load() function in the tga loader does not check that the count byte of an RLE packet doesn't cause a heap overflow of the pixel buffer. (CVE-2006-4808) The load() function of the pnm loader writes arbitrary length user data into a fixed size stack allocated buffer buf[] without bounds checking. (CVE-2006-4809) Updated packages have been patched to prevent these issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 37033
    published 2009-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=37033
    title Mandrake Linux Security Advisory : imlib2 (MDKSA-2007:156)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-376-1.NASL
    description M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user were tricked into viewing or processing a specially crafted image with an application that uses imlib2, the flaws could be exploited to execute arbitrary code with the user's privileges. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 27957
    published 2007-11-10
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27957
    title Ubuntu 5.10 / 6.06 LTS / 6.10 : imlib2 vulnerabilities (USN-376-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IMLIB2-LOADERS-2244.NASL
    description Various security problems have been fixed in the imlib2 image loaders : CVE-2006-4809: A stack-based buffer overflow in loader_pnm.c could be used by attackers to execute code by supplying a handcrafted PNM image. CVE-2006-4808: A heap buffer overflow in loader_tga.c could potentially be used by attackers to execute code by supplying a handcrafted TGA image. CVE-2006-4807: An out of bounds memory read in loader_tga.c could be used to crash the imlib2 using application with a handcrafted TGA image. CVE-2006-4806: Various integer overflows in width*height calculations could lead to heap overflows which could potentially be used to execute code. Affected here are the ARGB, PNG, LBM, JPEG and TIFF loaders. Additionally loading of TIFF images on 64bit systems is now possible.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27270
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27270
    title openSUSE 10 Security Update : imlib2-loaders (imlib2-loaders-2244)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IMLIB2-LOADERS-2245.NASL
    description Various security problems have been fixed in the imlib2 image loaders : - A stack-based buffer overflow in loader_pnm.c could be used by attackers to execute code by supplying a handcrafted PNM image. (CVE-2006-4809) - A heap buffer overflow in loader_tga.c could potentially be used by attackers to execute code by supplying a handcrafted TGA image. (CVE-2006-4808) - An out of bounds memory read in loader_tga.c could be used to crash the imlib2 using application with a handcrafted TGA image. (CVE-2006-4807) - Various integer overflows in width*height calculations could lead to heap overflows which could potentially be used to execute code. Affected here are the ARGB, PNG, LBM, JPEG and TIFF loaders. (CVE-2006-4806) Additionally loading of TIFF images on 64bit systems now works.
    last seen 2019-02-21
    modified 2014-10-28
    plugin id 29463
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29463
    title SuSE 10 Security Update : imlib2-loaders (ZYPP Patch Number 2245)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IMLIB2-LOADERS-2265.NASL
    description Various security problems have been fixed in the imlib2 image loaders : CVE-2006-4809: A stack-based buffer overflow in loader_pnm.c could be used by attackers to execute code by supplying a handcrafted PNM image. CVE-2006-4808: A heap buffer overflow in loader_tga.c could potentially be used by attackers to execute code by supplying a handcrafted TGA image. CVE-2006-4807: An out of bounds memory read in loader_tga.c could be used to crash the imlib2 using application with a handcrafted TGA image. CVE-2006-4806: Various integer overflows in width*height calculations could lead to heap overflows which could potentially be used to execute code. Affected here are the ARGB, PNG, LBM, JPEG and TIFF loaders. Additionally loading of TIFF images on 64bit systems is now possible. This update obsoletes the previous one, which had problems with JPEG loading.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 27271
    published 2007-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=27271
    title openSUSE 10 Security Update : imlib2-loaders (imlib2-loaders-2265)
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_92442C4B6F4A11DBBD280012F06707F0.NASL
    description Secunia reports : Some vulnerabilities have been reported in imlib2, which can be exploited by malicious people to cause a DoS (Denial of Service) or potentially compromise an application using the library. The vulnerabilities are caused due to unspecified errors within the processing of JPG, ARGB, PNG, LBM, PNM, TIFF, and TGA images. This may be exploited to execute arbitrary code by e.g. tricking a user into opening a specially crafted image file with an application using imlib2.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 23665
    published 2006-11-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23665
    title FreeBSD : Imlib2 -- multiple image file processing vulnerabilities (92442c4b-6f4a-11db-bd28-0012f06707f0)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_EXTRAS_2006-004.NASL
    description M. Joonas Pihlaja discovered that imlib2 did not sufficiently verify the validity of ARGB, JPG, LBM, PNG, PNM, TGA, and TIFF images. If a user were tricked into viewing or processing a specially crafted image with an application that uses imlib2, the flaws could be exploited to execute arbitrary code with the user's privileges. Fedora Extras versions earlier than the versions mentioned above are vulnerable to this problem; upgrade to fix this vulnerability. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2015-10-19
    plugin id 62278
    published 2012-09-24
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=62278
    title Fedora Extras : imlib2-1.2.1-2 (2006-004)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_IMLIB2-LOADERS-2261.NASL
    description Various security problems have been fixed in the imlib2 image loaders : - A stack-based buffer overflow in loader_pnm.c could be used by attackers to execute code by supplying a handcrafted PNM image. (CVE-2006-4809) - A heap buffer overflow in loader_tga.c could potentially be used by attackers to execute code by supplying a handcrafted TGA image. (CVE-2006-4808) - An out of bounds memory read in loader_tga.c could be used to crash the imlib2 using application with a handcrafted TGA image. (CVE-2006-4807) - Various integer overflows in width*height calculations could lead to heap overflows which could potentially be used to execute code. Affected here are the ARGB, PNG, LBM, JPEG and TIFF loaders. (CVE-2006-4806) Additionally loading of TIFF images on 64bit systems now works. This obsoletes a previous update, which had broken JPEG loading.
    last seen 2019-02-21
    modified 2014-10-28
    plugin id 29464
    published 2007-12-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29464
    title SuSE 10 Security Update : imlib2-loaders (ZYPP Patch Number 2261)
refmap via4
bid 20903
gentoo GLSA-200612-20
mandriva
  • MDKSA-2006:198
  • MDKSA-2007:156
misc http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz
osvdb 30104
secunia
  • 22732
  • 22744
  • 22752
  • 22932
  • 23441
suse SUSE-SR:2006:026
ubuntu
  • USN-376-1
  • USN-376-2
vupen ADV-2006-4349
xf imlib2-loaderpnmc-bo(30070)
statements via4
contributor Mark J Cox
lastmodified 2006-11-22
organization Red Hat
statement Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2.
Last major update 07-03-2011 - 21:42
Published 06-11-2006 - 19:07
Last modified 19-07-2017 - 21:33