SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Imlib Vendors:   [Multiple Authors/Vendors]
(Debian Issues Fix) imlib BMP Decoding Buffer Overflow May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1011320
SecurityTracker URL:  http://securitytracker.com/id/1011320
CVE Reference:   CVE-2004-0817   (Links to External Site)
Date:  Sep 16 2004
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.9.14
Description:   A vulnerability was reported in imlib in the processing of BMP images. A remote user can cause imlib to crash or potentially execute arbitrary code.

The vendor reported that a remote user can create a specially crafted BMP image file containing runlength-encoded images that, when decoded by the target user, will cause imblib to crash.

Marcus Meissner discovered this vulnerability.

A demonstration exploit image from Chris Evans is available at:

http://bugzilla.gnome.org/attachment.cgi?id=30933&action=view

Impact:   A remote user can create a BMP file that, when decoded by the target user, will cause imlib to crash. It may also be possible to cause arbitrary code to be executed. The specific impact depends on the application using imlib.
Solution:   Debian has released a fix for the stable distribution (woody) in version 1.9.14-2wody1 and for the unstable distribution (sid) in version 1.9.14-17 of imlib and in version 1.9.14-16 of imlib+png2.
Vendor URL:  www.debian.org/security/ (Links to External Site)
Cause:   Boundary error
Underlying OS:  Linux (Debian)
Underlying OS Comments:  3.0

Message History:   This archive entry is a follow-up to the message listed below.
Aug 31 2004 imlib BMP Decoding Buffer Overflow May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [SECURITY] [DSA 548-1] New imlib packages fix arbitrary code execution


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 548-1                     security@debian.org
http://www.debian.org/security/                             Martin Schulze
September 16th, 2004                    http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : imlib
Vulnerability  : unsanitised input
Problem-Type   : remote
Debian-specific: no
CVE ID         : CAN-2004-0817

Marcus Meissner discovered a heap overflow error in imlib, an imaging
library for X and X11, that could be abused by an attacker to execute
arbitrary code on the vicims machine.

For the stable distribution (woody) this problem has been fixed in
version 1.9.14-2wody1.

For the unstable distribution (sid) this problem has been fixed in
version 1.9.14-17 of imlib and in version 1.9.14-16 of imlib+png2.

We recommend that you upgrade your imlib1 packages.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14-2wody1.dsc
      Size/MD5 checksum:      803 6472ca2afec2286f184350d849bf9a5d
    http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14-2wody1.diff.gz
      Size/MD5 checksum:   269552 31472b9a33f689d518c237fa7d742961
    http://security.debian.org/pool/updates/main/i/imlib/imlib_1.9.14.orig.tar.gz
      Size/MD5 checksum:   748591 1fa54011e4e1db532d7eadae3ced6a8c

  Architecture independent components:

    http://security.debian.org/pool/updates/main/i/imlib/imlib-base_1.9.14-2wody1_all.deb
      Size/MD5 checksum:   114576 15b012593229931c4bbc29040d2fdae5

  Alpha architecture:

    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_alpha.deb
      Size/MD5 checksum:   119104 4e64b397ae2e9a839600fc8f19fdd1df
    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_alpha.deb
      Size/MD5 checksum:    96582 a0f07e9f4ded557eb3fabc0914ea6625
    http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_alpha.deb
      Size/MD5 checksum:   116752 d036103895155f0267a26283631978d5
    http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_alpha.deb
      Size/MD5 checksum:   262078 5e49dc13a1a4d61f74222dc1ae1bcb57
    http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_alpha.deb
      Size/MD5 checksum:    96668 b4cff88f951f6682358f6f393691a5bd

  ARM architecture:

    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_arm.deb
      Size/MD5 checksum:    93592 9c928508c6366fa367cddaecf4d2e99d
    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_arm.deb
      Size/MD5 checksum:    75032 4f90fccb7d8bc12b188d62da43f8f712
    http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_arm.deb
      Size/MD5 checksum:    93634 1c44359a8043ecd94dbcd7a4349fac6a
    http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_arm.deb
      Size/MD5 checksum:   258134 5f10db2bcb55a1ef8de534bdd0be730a
    http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_arm.deb
      Size/MD5 checksum:    75924 87ff486de47e594a996992a8721c9542

  Intel IA-32 architecture:

    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_i386.deb
      Size/MD5 checksum:    77454 2b01b6df4f0859f6975932d2c3889fef
    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_i386.deb
      Size/MD5 checksum:    68730 afaadff6f4e14d885a663bd47c68c97a
    http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_i386.deb
      Size/MD5 checksum:    76038 3b541785c7423bbb1c08b7ab4195f25d
    http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_i386.deb
      Size/MD5 checksum:   258222 89e8b55aac576760bb7dbd2fbce97ef4
    http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_i386.deb
      Size/MD5 checksum:    69332 1a2f9af32e10060af9712309565de823

  Intel IA-64 architecture:

    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_ia64.deb
      Size/MD5 checksum:   128272 be9e12e56078ad9426c018fd589a386c
    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_ia64.deb
      Size/MD5 checksum:   115640 2894139657c170641f026a5f51be8ae4
    http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_ia64.deb
      Size/MD5 checksum:   128662 a0d502bd1cb1147ec2806739dab6ffd9
    http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_ia64.deb
      Size/MD5 checksum:   266378 5febdea31eb17b29854233fbfb307869
    http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_ia64.deb
      Size/MD5 checksum:   118478 b53e063c50cbee0082fd3f34e6495a07

  HP Precision architecture:

    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_hppa.deb
      Size/MD5 checksum:   104722 cd83de0a77ec1a2e9ad2b89661f7ce95
    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_hppa.deb
      Size/MD5 checksum:    91568 e7ea261ab12d3026c655b88816b03fb1
    http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_hppa.deb
      Size/MD5 checksum:   103092 787e38c5c6804290826fb24d39942471
    http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_hppa.deb
      Size/MD5 checksum:   260886 6b7d99f18c2c4e531268d0685cec7815
    http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_hppa.deb
      Size/MD5 checksum:    91038 c8ca84e673418e3c0be7fd6f983b72a5

  Motorola 680x0 architecture:

    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_m68k.deb
      Size/MD5 checksum:    71648 46ee28536a1eca2cde30c8956aced176
    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_m68k.deb
      Size/MD5 checksum:    63886 c27cb2052b30443ccbd8aaa1ee70752c
    http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_m68k.deb
      Size/MD5 checksum:    69480 62a8fdc6b8eefdf233073d27ff143159
    http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_m68k.deb
      Size/MD5 checksum:   257254 2062e2c1e836765fa547540c25217dc0
    http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_m68k.deb
      Size/MD5 checksum:    64098 bb634b1f3812b538a158fcb5ffb2037a

  Big endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_mips.deb
      Size/MD5 checksum:    95334 6df97ffb427a10ea4ad53b9031725fca
    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_mips.deb
      Size/MD5 checksum:    75042 dc6945a5f284fe9df84f73aef5c5fd98
    http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_mips.deb
      Size/MD5 checksum:    92272 77d49cb7e43d26ff1c760f509b68a692
    http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_mips.deb
      Size/MD5 checksum:   257824 03abbd17269e50822da7d9ff8962500d
    http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_mips.deb
      Size/MD5 checksum:    75606 6173739a1120d7388a77727ee28a1c50

  Little endian MIPS architecture:

    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_mipsel.deb
      Size/MD5 checksum:    95350 af89cfadec5bbb4e48f9ae0bb6c59b03
    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_mipsel.deb
      Size/MD5 checksum:    75088 340cedde5a835f610164753e64d8a36d
    http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_mipsel.deb
      Size/MD5 checksum:    92286 48df55c16c2760bd82d5dfbd051d1104
    http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_mipsel.deb
      Size/MD5 checksum:   257692 f9b42b3f6d6ba9e4bdc48df5fe5c2d22
    http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_mipsel.deb
      Size/MD5 checksum:    75520 2c8d731adcee92a92307fd11861fdaae

  PowerPC architecture:

    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_powerpc.deb
      Size/MD5 checksum:    93706 6cc8b8753c18f11793805faeeb25aded
    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_powerpc.deb
      Size/MD5 checksum:    76440 50d611afb959762e4b975bdf181dabe4
    http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_powerpc.deb
      Size/MD5 checksum:    89862 cbf553ff94b438dccea73bd68cb64f8f
    http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_powerpc.deb
      Size/MD5 checksum:   258394 2cbbcc991c068aa94adff360210dfc41
    http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_powerpc.deb
      Size/MD5 checksum:    75050 8e123dbbfc8e0ad2ec3acf21619f4658

  IBM S/390 architecture:

    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_s390.deb
      Size/MD5 checksum:    82924 5fff2f003dcd49d4786f09210b76df35
    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_s390.deb
      Size/MD5 checksum:    77602 270ce2d438f02793c50f3f27dc26c872
    http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_s390.deb
      Size/MD5 checksum:    83804 6413991452e5bee44855606146c3402d
    http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_s390.deb
      Size/MD5 checksum:   258558 0f331b840d6f82164f4869ee4d9847d7
    http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_s390.deb
      Size/MD5 checksum:    78164 521720c8c47a87ef9c768108ec9bffed

  Sun Sparc architecture:

    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib-dev_1.9.14-2wody1_sparc.deb
      Size/MD5 checksum:    88346 7e8d46b4b7af331e92dc8bc40e1af3f1
    http://security.debian.org/pool/updates/main/i/imlib/gdk-imlib1_1.9.14-2wody1_sparc.deb
      Size/MD5 checksum:    76190 14d67fc9827d7eae2533c4ff3ad048b3
    http://security.debian.org/pool/updates/main/i/imlib/imlib-dev_1.9.14-2wody1_sparc.deb
      Size/MD5 checksum:    85312 5c8b26804737b09678f60ef9ea4048ba
    http://security.debian.org/pool/updates/main/i/imlib/imlib-progs_1.9.14-2wody1_sparc.deb
      Size/MD5 checksum:   258638 c2577ef0cc83d0934778c2eec3d106e3
    http://security.debian.org/pool/updates/main/i/imlib/imlib1_1.9.14-2wody1_sparc.deb
      Size/MD5 checksum:    76356 f500ce8f5cf4f16de487c1677970eccb


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)

iD8DBQFBSYuBW5ql+IAeqTIRAty2AJ4jMn4adgixNcF2fzSi2aXM/mV/jQCgloOC
IQcDrKSW5nI+ZypbaZim+u8=
=rQte
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC