Debian Security Advisory

DSA-628-1 imlib2 -- integer overflows

Date Reported:
06 Jan 2005
Affected Packages:
Security database references:
In Mitre's CVE dictionary: CVE-2004-1026, CVE-2004-1025.
More information:

Pavel Kankovsky discovered that several overflows found in the libXpm library were also present in imlib and imlib2, imaging libraries for X11. An attacker could create a carefully crafted image file in such a way that it could cause an application linked with imlib or imlib2 to execute arbitrary code when the file was opened by a victim. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CAN-2004-1025

    Multiple heap-based buffer overflows. No such code is present in imlib2.

  • CAN-2004-1026

    Multiple integer overflows in the imlib library.

For the stable distribution (woody) these problems have been fixed in version 1.0.5-2woody2.

For the unstable distribution (sid) these problems will be fixed soon.

We recommend that you upgrade your imlib2 packages.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Intel IA-32:
Intel IA-64:
Motorola 680x0:
Big endian MIPS:
Little endian MIPS:
IBM S/390:
Sun Sparc:

MD5 checksums of the listed files are available in the original advisory.