‘imlib2 IMAGE_DIMENSIONS_OK Logic Error Vulnerability’
‘The information has been provided by Stefan Cornelius.
The original article can be found at: http://secunia.com/secunia_research/2010-54/‘
* imlib2 version 1.4.3
* HP-UX B.11.11 (B.11.11.02.008)
* HP-UX B.11.23 (B.11.23.1.007)
* HP-UX B.11.31 (C.220.127.116.11)
The vulnerability is caused by a logic error within the ‘IMAGE_DIMENSIONS_OK()’ macro in src/lib/image.h. This can be exploited to cause heap-based buffer overflows via e.g. specially crafted ARGB, XPM, and BMP image files.
Fixed in the SVN repository.
07/04/2010 – Vendor notified.
08/04/2010 – Vendor response.
21/04/2010 – Public disclosure.’