SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   Imlib Vendors:   [Multiple Authors/Vendors]
(Conectiva Issues Fix) imlib BMP Decoding Buffer Overflow May Let Remote Users Execute Arbitrary Code
SecurityTracker Alert ID:  1011446
SecurityTracker URL:  http://securitytracker.com/id/1011446
CVE Reference:   CVE-2004-0817   (Links to External Site)
Date:  Sep 28 2004
Impact:   Denial of service via network, Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.9.14
Description:   A vulnerability was reported in imlib in the processing of BMP images. A remote user can cause imlib to crash or potentially execute arbitrary code.

The vendor reported that a remote user can create a specially crafted BMP image file containing runlength-encoded images that, when decoded by the target user, will cause imblib to crash.

Marcus Meissner discovered this vulnerability.

A demonstration exploit image from Chris Evans is available at:

http://bugzilla.gnome.org/attachment.cgi?id=30933&action=view

Impact:   A remote user can create a BMP file that, when decoded by the target user, will cause imlib to crash. It may also be possible to cause arbitrary code to be executed. The specific impact depends on the application using imlib.
Solution:   Conectiva has released a fix.

ftp://atualizacoes.conectiva.com.br/10/SRPMS/libimlib1-1.9.14-63739U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/SRPMS/imlib2-1.0.6-58651U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libimlib-devel-1.9.14-63739U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libimlib-devel-static-1.9.14-63739U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libimlib1-1.9.14-63739U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libimlib1-cfgeditor-1.9.14-63739U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-devel-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-devel-static-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-filters-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_argb-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_bmp-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_gif-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_jpeg-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_png-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_pnm-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_tga-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_tiff-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_xpm-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/imlib-1.9.14-29233U90_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/imlib2-1.0.6-26409U90_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib-1.9.14-29233U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib-cfgeditor-1.9.14-29233U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib-devel-1.9.14-29233U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib-devel-static-1.9.14-29233U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-devel-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-devel-static-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-filters-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_argb-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_bmp-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_gif-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_jpeg-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_png-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_pnm-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_tga-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_tiff-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_xpm-1.0.6-26409U90_1cl.i386.rpm

Cause:   Boundary error
Underlying OS:  Linux (Conectiva)
Underlying OS Comments:  9, 10

Message History:   This archive entry is a follow-up to the message listed below.
Aug 31 2004 imlib BMP Decoding Buffer Overflow May Let Remote Users Execute Arbitrary Code



 Source Message Contents

Subject:  [Conectiva-updates] [CLA-2004:870] Conectiva Security Announcement


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : imlib
SUMMARY   : Fix for a buffer overflow in imlib and imlib2
DATE      : 2004-09-28 11:37:00
ID        : CLA-2004:870
RELEVANT
RELEASES  : 9, 10

- -------------------------------------------------------------------------

DESCRIPTION
 imlib[1] and imlib2[2] are powerful image loading and rendering
 libraries.
 
 Marcus Meissner noticed that due to improper bounds checking,
 imlib[3] and imlib2[4] are vulnerable to a buffer overflow when
 decoding runlength-encoded bitmaps.  This bug can be exploited using
 a specially-crafted BMP image and could potentially allow remote code
 execution when this image is decoded by the user.


SOLUTION
 It is recommended that all Conectiva Linux users upgrade their
 packages.
 
 IMPORTANT: all applications linked against imlib and imlib2 must be
 restarted after the upgrade in order to close the vulnerabilities.
 
 
 REFERENCES
 1.http://enlightenment.org/pages/imlib.html
 2.http://enlightenment.org/pages/imlib2.html
 3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0817
 4.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0802


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/libimlib1-1.9.14-63739U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/SRPMS/imlib2-1.0.6-58651U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libimlib-devel-1.9.14-63739U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libimlib-devel-static-1.9.14-63739U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libimlib1-1.9.14-63739U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/libimlib1-cfgeditor-1.9.14-63739U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-devel-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-devel-static-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-filters-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_argb-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_bmp-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_gif-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_jpeg-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_png-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_pnm-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_tga-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_tiff-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/imlib2-loader_xpm-1.0.6-58651U10_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/imlib-1.9.14-29233U90_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/imlib2-1.0.6-26409U90_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib-1.9.14-29233U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib-cfgeditor-1.9.14-29233U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib-devel-1.9.14-29233U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib-devel-static-1.9.14-29233U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-devel-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-devel-static-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-filters-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_argb-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_bmp-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_gif-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_jpeg-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_png-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_pnm-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_tga-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_tiff-1.0.6-26409U90_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/imlib2-loader_xpm-1.0.6-26409U90_1cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM packages upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFBWXc542jd0JmAcZARAqE+AKCconWIfj3BM53qjoph5E6aVWcCPQCdHD7K
b7tK4xAAdzY6L8F8fQCLs8g=
=yDa1
-----END PGP SIGNATURE-----

______________________________________________________________________
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, SecurityGlobal.net LLC