Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption.

Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain weaknesses of NetPBM.