Mandrake Linux Security Advisory : imlib (MDKSA-2002:029)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

Previous versions of imlib, prior to 1.9.13, would fall back to the
NetPBM library which is not suitable for loading untrusted images due
to various problem in it's code. The new imlib also fixes some
problems with arguments passed to malloc(). These problems could allow
attackers to construct images that could cause crashes or,
potentially, the execution of arbitrary code when said images are
loaded by a viewer that uses imlib.

Thanks to Alan Cox and Al Viro for discovering the problems.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13936 (mandrake_MDKSA-2002-029.nasl)

Bugtraq ID: 4336
4339

CVE ID: CVE-2002-0167
CVE-2002-0168

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now