ID CVE-2006-4806
Summary Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) image.
References
Vulnerable Configurations
  • cpe:2.3:a:enlightenment:imlib2:1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:enlightenment:imlib2:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:enlightenment:imlib2:1.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:enlightenment:imlib2:1.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:enlightenment:imlib2:1.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:enlightenment:imlib2:1.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:enlightenment:imlib2:1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:enlightenment:imlib2:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:enlightenment:imlib2:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:enlightenment:imlib2:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:enlightenment:imlib2:1.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:enlightenment:imlib2:1.3:*:*:*:*:*:*:*
CVSS
Base: 5.1 (as of 20-07-2017 - 01:33)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
  • Vector: NETWORK
  • Complexity: HIGH
  • Authentication: NONE
Impact
  • Confidentiality: PARTIAL
  • Integrity: PARTIAL
  • Availability: PARTIAL
cvss-vector via4 AV:N/AC:H/Au:N/C:P/I:P/A:P
refmap via4
bid 20903
gentoo GLSA-200612-20
mandriva
  • MDKSA-2006:198
  • MDKSA-2007:156
misc http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz
osvdb
  • 30105
  • 30106
  • 30107
  • 30108
  • 30109
secunia
  • 22732
  • 22744
  • 22752
  • 22932
  • 23441
suse SUSE-SR:2006:026
ubuntu
  • USN-376-1
  • USN-376-2
vupen ADV-2006-4349
xf imlib2-load-overflow(30064)
statements via4
contributor Mark J Cox
lastmodified 2006-11-22
organization Red Hat
statement Not vulnerable. Red Hat Enterprise Linux 2.1, 3, and 4 do not include imlib2.
Last major update 20-07-2017 - 01:33
Published 07-11-2006 - 00:07
Last modified 20-07-2017 - 01:33