‘imlib2 IMAGE_DIMENSIONS_OK Logic Error Vulnerability’


A vulnerability was discovered in imlib2, which can be exploited by malicious people to compromise an application using the library.’


‘The information has been provided by Stefan Cornelius.
The original article can be found at: http://secunia.com/secunia_research/2010-54/


Vulnerable Systems:
 * imlib2 version 1.4.3

Immune Systems:
 * HP-UX B.11.11 (B.
 * HP-UX B.11.23 (B.
 * HP-UX B.11.31 (C.

The vulnerability is caused by a logic error within the ‘IMAGE_DIMENSIONS_OK()’ macro in src/lib/image.h. This can be exploited to cause heap-based buffer overflows via e.g. specially crafted ARGB, XPM, and BMP image files.

Patch Availability:
Fixed in the SVN repository.

CVE Information:

Disclosure Timeline:
07/04/2010 – Vendor notified.
08/04/2010 – Vendor response.
21/04/2010 – Public disclosure.’

Categories: UNIX