Detections
Analytics
openSUSE 10 Security Update : imlib2-loaders (imlib2-loaders-2244)
medium Nessus Plugin ID 27270
Synopsis
The remote openSUSE host is missing a security update.Description
Various security problems have been fixed in the imlib2 image loaders :CVE-2006-4809: A stack-based buffer overflow in loader_pnm.c could be used by attackers to execute code by supplying a handcrafted PNM image.
CVE-2006-4808: A heap buffer overflow in loader_tga.c could potentially be used by attackers to execute code by supplying a handcrafted TGA image.
CVE-2006-4807: A out of bounds memory read in loader_tga.c could be used to crash the imlib2 using application with a handcrafted TGA image.
CVE-2006-4806: Various integer overflows in width*height calculations could lead to heap overflows which could potentially be used to execute code. Affected here are the ARGB, PNG, LBM, JPEG and TIFF loaders.
Additionaly loading of TIFF images on 64bit systems is now possible.
Solution
Update the affected imlib2-loaders package.Plugin Details
Severity: Medium
ID: 27270
File Name: suse_imlib2-loaders-2244.nasl
Version: 1.13
Type: local
Agent: unix
Family: SuSE Local Security Checks
Published: 10/17/2007
Updated: 1/14/2021
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.5
CVSS v2
Risk Factor: Medium
Base Score: 5.1
Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:novell:opensuse:imlib2-loaders, cpe:/o:novell:opensuse:10.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Patch Publication Date: 11/8/2006
Reference Information
CVE: CVE-2006-4806, CVE-2006-4807, CVE-2006-4808, CVE-2006-4809