Launchpad.net

CVE 2008-5187

The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426.

Related bugs and status

CVE-2008-5187 (Candidate) is related to these bugs:

Bug #302825: Please merge imlib2 (1.4.0-1.2) from debian unstable

Summary				In	Importance	Status
	302825	Please merge imlib2 (1.4.0-1.2) from debian unstable		imlib2 (Ubuntu)	Undecided	Fix Released
	302825	Please merge imlib2 (1.4.0-1.2) from debian unstable		imlib2 (Debian)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2008112...
CONFIRM: http://bugs.debian.org...
SECUNIA: 32796
DEBIAN: DSA-1672
FEDORA: FEDORA-2008-10287
FEDORA: FEDORA-2008-10296
OSVDB: 49970
SECUNIA: 32843
SECUNIA: 32949
GENTOO: GLSA-200812-23
SECUNIA: 33323
SECUNIA: 32963
MANDRIVA: MDVSA-2009:019
SUSE: SUSE-SR:2009:002
SECUNIA: 33568
BID: 32371
UBUNTU: USN-683-1
VUPEN: ADV-2008-3212