CVE-2006-4806

Severity

51%

Complexity

49%

Confidentiality

106%

Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images.

Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images.

CVSS 2.0 Base Score 5.1. CVSS Attack Vector: network. CVSS Attack Complexity: high. CVSS Vector: (AV:N/AC:H/Au:N/C:P/I:P/A:P).

Overview

Type

Enlightenment imlib2

First reported 18 years ago

2006-11-07 00:07:00

Last updated 7 years ago

2017-07-20 01:33:00

Affected Software

Enlightenment imlib2 1.2.1

1.2.1

Enlightenment imlib2 1.2.2

1.2.2

References

22732

Vendor Advisory

22744

Vendor Advisory

22752

Patch, Vendor Advisory

22932

23441

GLSA-200612-20

http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz

MDKSA-2006:198

MDKSA-2007:156

SUSE-SR:2006:026

30105

30106

30107

30108

30109

20903

USN-376-1

USN-376-2

Patch

ADV-2006-4349

imlib2-load-overflow(30064)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.