SuSE 10 Security Update : imlib2-loaders (ZYPP Patch Number 2261)
Medium Nessus Plugin ID 29464
Synopsis: The remote SuSE 10 host is missing a security-related patch.
Description: Various security problems have been fixed in the imlib2 image loaders:
- A stack-based buffer overflow in loader_pnm.c could be used by attackers to execute code by supplying a handcrafted PNM image. (CVE-2006-4809)
- A heap buffer overflow in loader_tga.c could potentially be used by attackers to execute code by supplying a handcrafted TGA image. (CVE-2006-4808)
- An out-of-bounds memory read in loader_tga.c could be used to crash the application using imlib2 with a handcrafted TGA image. (CVE-2006-4807)
- Various integer overflows in width*height calculations could lead to heap overflows which could potentially be used to execute code. Affected here are the ARGB, PNG, LBM, JPEG and TIFF loaders. (CVE-2006-4806)
Additionally, loading of TIFF images on 64-bit systems now works.
This obsoletes a previous update, which had broken JPEG loading.
Solution: Apply ZYPP patch number 2261.