SuSE 10 Security Update : imlib2-loaders (ZYPP Patch Number 2245)
Medium Nessus Plugin ID 29463
The remote SuSE 10 host is missing a security-related patch.
Various security problems have been fixed in the imlib2 image loaders : - A stack-based buffer overflow in loader_pnm.c could be used by attackers to execute code by supplying a handcrafted PNM image. (CVE-2006-4809) - A heap buffer overflow in loader_tga.c could potentially be used by attackers to execute code by supplying a handcrafted TGA image. (CVE-2006-4808) - A out of bounds memory read in loader_tga.c could be used to crash the imlib2 using application with a handcrafted TGA image. (CVE-2006-4807) - Various integer overflows in width*height calculations could lead to heap overflows which could potentially be used to execute code. Affected here are the ARGB, PNG, LBM, JPEG and TIFF loaders. (CVE-2006-4806) Additionally loading of TIFF images on 64bit systems now works.