openSUSE 10 Security Update : imlib2-loaders (imlib2-loaders-2265)

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote openSUSE host is missing a security update.

Description :

Various security problems have been fixed in the imlib2 image
loaders :

CVE-2006-4809: A stack-based buffer overflow in loader_pnm.c could be
used by attackers to execute code by supplying a handcrafted PNM
image.

CVE-2006-4808: A heap buffer overflow in loader_tga.c could
potentially be used by attackers to execute code by supplying a
handcrafted TGA image.

CVE-2006-4807: A out of bounds memory read in loader_tga.c could be
used to crash the imlib2 using application with a handcrafted TGA
image.

CVE-2006-4806: Various integer overflows in width*height calculations
could lead to heap overflows which could potentially be used to
execute code. Affected here are the ARGB, PNG, LBM, JPEG and TIFF
loaders.

Additionaly loading of TIFF images on 64bit systems is now possible.

This update obsoletes the previous one, which had problems with JPEG
loading.

Solution :

Update the affected imlib2-loaders package.

Risk factor :

Medium / CVSS Base Score : 5.1
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P)

Family: SuSE Local Security Checks

Nessus Plugin ID: 27271 ()

Bugtraq ID:

CVE ID: CVE-2006-4806
CVE-2006-4807
CVE-2006-4808
CVE-2006-4809

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now