Openwall Project   /home  Owl  JtR  Pro  crypt  pam_passwdqc  tcb  phpass  scanlogd  popa3d  msulogin  /  Linux  BIND  /  advisories  presentations  /  services  donations  /  wordlists  passwords  /  news  community  lists  wiki  CVSweb  mirrors  signatures
bringing security into open environments
 
Password Recovery Resources on the Net
[<prev] [next>] [thread-next>] [month] [year] [list] 
Date: Thu, 20 Nov 2008 15:02:04 +0200
From: Pınar YanardaÄ. <pinar@...dus.org.tr>
To: oss-security@...ts.openwall.com
Subject: CVE Request: imlib2

 From Secunia [1]

----
*Description*:
A vulnerability has been discovered in imlib2, which can be exploited by 
malicious people to potentially compromise an application using the library.

The vulnerability is caused due to a pointer arithmetic error within the 
"load()" function provided by the XPM loader. This can be exploited to 
cause a heap-based buffer overflow via a specially crafted XPM file.

Successful exploitation may allow execution of arbitrary code.

The vulnerability is confirmed in version 1.4.2. Other versions may also 
be affected.
----

[1]: http://secunia.com/Advisories/32796

Can you assign a CVE please?

Cheers,

-- 
Pınar YanardaÄ. (a.k.a PINguAR)
http://pinguar.org
_____________________________

Pardus Security Team
http://security.pardus.org.tr

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux