Rapid7 Vulnerability & Exploit Database

RHSA-2004:465: imlib security update

Back to Search

RHSA-2004:465: imlib security update

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
12/31/2004
Created
07/25/2018
Added
10/28/2005
Modified
07/12/2017

Description

An updated imlib package that fixes several heap overflows is now available.

Imlib is an image loading and rendering library. Several heap overflow flaws were found in the imlib BMP image handler. An attacker could create a carefully crafted BMP file in such a way that it could cause an application linked with imlib to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0817 to this issue. Users of imlib should update to this updated package which contains backported patches and is not vulnerable to this issue.

Solution(s)

  • redhat-upgrade-imlib
  • redhat-upgrade-imlib-cfgeditor
  • redhat-upgrade-imlib-devel

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;