‘imlib2 IMAGE_DIMENSIONS_OK Logic Error Vulnerability’

Summary

A vulnerability was discovered in imlib2, which can be exploited by malicious people to compromise an application using the library.’

Credit:

‘The information has been provided by Stefan Cornelius.
The original article can be found at: http://secunia.com/secunia_research/2010-54/


Details

Vulnerable Systems:
 * imlib2 version 1.4.3

Immune Systems:
 * HP-UX B.11.11 (B.11.11.02.008)
 * HP-UX B.11.23 (B.11.23.1.007)
 * HP-UX B.11.31 (C.8.13.3.5)

The vulnerability is caused by a logic error within the ‘IMAGE_DIMENSIONS_OK()’ macro in src/lib/image.h. This can be exploited to cause heap-based buffer overflows via e.g. specially crafted ARGB, XPM, and BMP image files.

Patch Availability:
Fixed in the SVN repository.

CVE Information:
CVE-2010-0991

Disclosure Timeline:
07/04/2010 – Vendor notified.
08/04/2010 – Vendor response.
21/04/2010 – Public disclosure.’

Categories: UNIX