RHEL 2.1 / 3 : imlib (RHSA-2004:465)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing one or more security updates.

Description :

An updated imlib package that fixes several heap overflows is now
available.

Imlib is an image loading and rendering library.

Several heap overflow flaws were found in the imlib BMP image handler.
An attacker could create a carefully crafted BMP file in such a way
that it could cause an application linked with imlib to execute
arbitrary code when the file was opened by a victim. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-0817 to this issue.

Users of imlib should update to this updated package which contains
backported patches and is not vulnerable to this issue.

See also :

https://www.redhat.com/security/data/cve/CVE-2004-0817.html
http://bugzilla.gnome.org/show_bug.cgi?id=151034
http://rhn.redhat.com/errata/RHSA-2004-465.html

Solution :

Update the affected imlib, imlib-cfgeditor and / or imlib-devel
packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 14735 ()

Bugtraq ID:

CVE ID: CVE-2004-0817