CVE-2008-2426

Publication date 2 June 2008

Last updated 24 July 2024

Ubuntu priority

Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
imlib2	8.10 intrepid	Not affected
	8.04 LTS hardy	Fixed 1.4.0-1ubuntu1.2
	7.10 gutsy	Fixed 1.3.0.0debian1-4ubuntu0.2
	7.04 feisty	Ignored end of life, was needed
	6.06 LTS dapper	Fixed 1.2.1-2ubuntu0.4

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
imlib2	Vendor: http://www.debian.org/security/2008/dsa-1594 Debdiff: http://launchpadlibrarian.net/16322082/cve-2008-2426-hardy-security.debdiff

CVE-2008-2426

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references