Debian Security Advisory

DSA-618-1 imlib -- buffer overflows, integer overflows

Date Reported:
24 Dec 2004
Affected Packages:
Security database references:
In the Debian bugtracking system: Bug 284925.
In the Bugtraq database (at SecurityFocus): BugTraq ID 11830.
In Mitre's CVE dictionary: CVE-2004-1025, CVE-2004-1026.
More information:

Pavel Kankovsky discovered that several overflows found in the libXpm library were also present in imlib, an imaging library for X and X11. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project identifies the following problems:

For the stable distribution (woody) these problems have been fixed in version 1.9.14-2woody2.

For the unstable distribution (sid) these problems have been fixed in version 1.9.14-17.1 of imlib and in version 1.9.14-16.1 of imlib+png2 which produces the imlib1 package.

We recommend that you upgrade your imlib packages immediately.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Architecture-independent component:
Intel IA-32:
Intel IA-64:
Motorola 680x0:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.