NASLDB: SuSE Security Update: imlib2: Fixed various security problems in imlib2-loaders (imlib2-loaders-2265)
General
ID: 27271
Name: SuSE Security Update: imlib2: Fixed various security problems in imlib2-loaders (imlib2-loaders-2265)
Summary: Check for the imlib2-loaders-2265 package
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
CVSS Base Vector: –
CVSS Temporal Vector: –
Port: 0
Family: SuSE Local Security Checks
Type: –
Description
Various security problems have been fixed in the imlib2
image loaders:
CVE-2006-4809: A stack buffer overflow in loader_pnm.c
could be used by attackers to execute code by supplying a
handcrafted PNM image.
CVE-2006-4808: A heap buffer overflow in loader_tga.c could
potentially be used by attackers to execute code by
supplying a handcrafted TGA image.
CVE-2006-4807: An out-of-bounds memory read in loader_tga.c
could be used to crash the application using imlib2 with a
handcrafted TGA image.
CVE-2006-4806: Various integer overflows in width*height
calculations could lead to heap overflows which could
potentially be used to execute code. Affected here are the
ARGB, PNG, LBM, JPEG and TIFF loaders.
Additionally, loading of TIFF images on 64-bit systems is now
possible.
This update obsoletes the previous one, which had problems
with JPEG loading.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2006-4809
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: –
Plugin Release: 2007/10/17
Plugin
Version: 1.7
Filename: suse_imlib2-loaders-2265.nasl
Filesize: 2574 bytes
MD5 Hash: 5c6e5ec3c0dfb1467bb7aa369c3dafc3
Identification: Host/SuSE/rpm-list
Require Keys: Host/SuSE/rpm-list
Dependencies: "ssh_get_info.nasl"
Copyright: This script is Copyright© 2007-2010 Tenable Network Security, Inc.