CVE-2008-2426 - Buffer Errors vulnerability in Carsten Haitzler Imlib2 1.4.0
Metric | Value |
---|---|
Attack vector | NETWORK |
Attack complexity | MEDIUM |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Buffer Overflow via Environment Variables: This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
- Overflow Buffers: Buffer overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attacker's choice.
- Client-side Injection-induced Buffer Overflow: This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
- Filter Failure through Buffer Overflow: In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow), hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
- MIME Conversion: An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME-compatible format and back.
Nessus
- DEBIAN_DSA-1594.NASL (NASL family: Debian Local Security Checks)
  - Title: Debian DSA-1594-1 : imlib2 - buffer overflows
  - Description: Stefan Cornelius discovered two buffer overflows in Imlib
  - Plugin id: 33175; published 2008-06-16; last seen 2020-06-01; modified 2020-06-02
  - Reporter: This script is Copyright (C) 2008-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
  - Source: https://www.tenable.com/plugins/nessus/33175
- FEDORA_2008-4842.NASL (NASL family: Fedora Local Security Checks)
  - Title: Fedora 8 : imlib2-1.4.0-7.fc8 (2008-4842)
  - Description: Fix CVE-2008-2426 / SA30401 - buffer overflow in the XPM loader. http://secunia.com/advisories/30401/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
  - Plugin id: 33078; published 2008-06-04; last seen 2020-06-01; modified 2020-06-02
  - Reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
  - Source: https://www.tenable.com/plugins/nessus/33078
- FEDORA_2008-4950.NASL (NASL family: Fedora Local Security Checks)
  - Title: Fedora 7 : imlib2-1.3.0-4.fc7 (2008-4950)
  - Description: Fix CVE-2008-2426 / SA30401 - buffer overflow in the XPM loader. http://secunia.com/advisories/30401/
  - Plugin id: 33083; published 2008-06-04; last seen 2020-06-01; modified 2020-06-02
  - Reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
  - Source: https://www.tenable.com/plugins/nessus/33083
- SUSE_IMLIB2-5572.NASL (NASL family: SuSE Local Security Checks)
  - Title: SuSE 10 Security Update : imlib2 (ZYPP Patch Number 5572)
  - Description: This update fixes two security problems in imlib2. Specially crafted xpm files could trigger a stack based buffer overflow in imlib2 which could potentially be exploited to execute arbitrary code (CVE-2008-2426). A crash in PNM handling due to a NULL pointer dereference was fixed.
  - Plugin id: 34194; published 2008-09-12; last seen 2020-06-01; modified 2020-06-02
  - Reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
  - Source: https://www.tenable.com/plugins/nessus/34194
- FEDORA_2008-10296.NASL (NASL family: Fedora Local Security Checks)
  - Title: Fedora 8 : imlib2-1.4.2-2.fc8 (2008-10296)
  - Description (package changelog):
    - Sun Nov 23 2008 Tomas Smetana <tsmetana at redhat.com> 1.4.2-2 - patch for CVE-2008-5187
    - Thu Oct 23 2008 Tomas Smetana <tsmetana at redhat.com> 1.4.2-1 - new upstream version
    - Fri May 30 2008 Tomas Smetana <tsmetana at redhat.com> 1.4.0-7 - patch for CVE-2008-2426
    - Tue Mar 11 2008 Hans de Goede <j.w.r.degoede at hhs.nl> 1.4.0-6 - Disable amd64 assembly optimization. (Kills idesk - #222998, #436924)
    - Tue Feb 19 2008 Fedora Release Engineering <rel-eng at fedoraproject.org> - 1.4.0-5 - Autorebuild for GCC 4.3
    - Tue Oct 23 2007 Hans de Goede <j.w.r.degoede at hhs.nl> 1.4.0-4 - Fix building on ia64 (bz 349171)
  - Plugin id: 34966; published 2008-11-26; last seen 2020-06-01; modified 2020-06-02
  - Reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
  - Source: https://www.tenable.com/plugins/nessus/34966
- SUSE_IMLIB2-5571.NASL (NASL family: SuSE Local Security Checks)
  - Title: openSUSE 10 Security Update : imlib2 (imlib2-5571)
  - Description: This update fixes two security problems in imlib2. Specially crafted xpm files could trigger a stack based buffer overflow in imlib2 which could potentially be exploited to execute arbitrary code (CVE-2008-2426). A crash in PNM handling due to a NULL pointer dereference was fixed.
  - Plugin id: 34193; published 2008-09-12; last seen 2020-06-01; modified 2020-06-02
  - Reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
  - Source: https://www.tenable.com/plugins/nessus/34193
- SUSE_11_0_IMLIB2-080903.NASL (NASL family: SuSE Local Security Checks)
  - Title: openSUSE Security Update : imlib2 (imlib2-178)
  - Description: This update fixes two security problems in imlib2. Specially crafted xpm files could trigger a stack based buffer overflow in imlib2 which could potentially be exploited to execute arbitrary code (CVE-2008-2426). A crash in PNM handling due to a NULL pointer dereference was fixed.
  - Plugin id: 39988; published 2009-07-21; last seen 2020-06-01; modified 2020-06-02
  - Reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
  - Source: https://www.tenable.com/plugins/nessus/39988
- FEDORA_2008-4871.NASL (NASL family: Fedora Local Security Checks)
  - Title: Fedora 9 : imlib2-1.4.0-7.fc9 (2008-4871)
  - Description: Fix CVE-2008-2426 / SA30401 - buffer overflow in the XPM loader. http://secunia.com/advisories/30401/
  - Plugin id: 33080; published 2008-06-04; last seen 2020-06-01; modified 2020-06-02
  - Reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
  - Source: https://www.tenable.com/plugins/nessus/33080
- MANDRIVA_MDVSA-2008-123.NASL (NASL family: Mandriva Local Security Checks)
  - Title: Mandriva Linux Security Advisory : imlib2 (MDVSA-2008:123)
  - Description: Stefan Cornelius discovered two buffer overflows in Imlib
  - Plugin id: 37626; published 2009-04-23; last seen 2020-06-01; modified 2020-06-02
  - Reporter: This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
  - Source: https://www.tenable.com/plugins/nessus/37626
- UBUNTU_USN-697-1.NASL (NASL family: Ubuntu Local Security Checks)
  - Title: Ubuntu 6.06 LTS / 7.10 / 8.04 LTS : imlib2 vulnerability (USN-697-1)
  - Description: It was discovered that Imlib2 did not correctly handle certain malformed XPM and PNG images. If a user were tricked into opening a specially crafted image with an application that uses Imlib2, an attacker could cause a denial of service and possibly execute arbitrary code with the user
  - Plugin id: 36815; published 2009-04-23; last seen 2020-06-01; modified 2020-06-02
  - Reporter: Ubuntu Security Notice (C) 2008-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
  - Source: https://www.tenable.com/plugins/nessus/36815
- FEDORA_2008-10287.NASL (NASL family: Fedora Local Security Checks)
  - Title: Fedora 9 : imlib2-1.4.2-2.fc9 (2008-10287)
  - Description (package changelog):
    - Sun Nov 23 2008 Tomas Smetana <tsmetana at redhat.com> 1.4.2-2 - patch for CVE-2008-5187
    - Thu Oct 23 2008 Tomas Smetana <tsmetana at redhat.com> 1.4.2-1 - new upstream version
    - Fri May 30 2008 Tomas Smetana <tsmetana at redhat.com> 1.4.0-7 - patch for CVE-2008-2426
    - Tue Mar 11 2008 Hans de Goede <j.w.r.degoede at hhs.nl> 1.4.0-6 - Disable amd64 assembly optimization. (Kills idesk - #222998, #436924)
  - Plugin id: 34965; published 2008-11-26; last seen 2020-06-01; modified 2020-06-02
  - Reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
  - Source: https://www.tenable.com/plugins/nessus/34965
- GENTOO_GLSA-200806-03.NASL (NASL family: Gentoo Local Security Checks)
  - Title: GLSA-200806-03 : Imlib 2: User-assisted execution of arbitrary code
  - Description: The remote host is affected by the vulnerability described in GLSA-200806-03 (Imlib 2: User-assisted execution of arbitrary code). Stefan Cornelius (Secunia Research) reported two boundary errors in Imlib2: one of them within the load() function in the file src/modules/loaders/loader_pnm.c when processing the header of a PNM image file, possibly leading to a stack-based buffer overflow; the second one within the load() function in the file src/modules/loader_xpm.c when processing an XPM image file, possibly leading to a stack-based buffer overflow. Impact: A remote attacker could entice a user to open a specially crafted PNM or XPM image, possibly resulting in the execution of arbitrary code with the rights of the user running the application using Imlib 2. Workaround: There is no known workaround at this time.
  - Plugin id: 33118; published 2008-06-09; last seen 2020-06-01; modified 2020-06-02
  - Reporter: This script is Copyright (C) 2008-2019 Tenable Network Security, Inc.
  - Source: https://www.tenable.com/plugins/nessus/33118
Seebug
Field | Value |
---|---|
bulletinFamily | exploit |
description | BUGTRAQ ID: 29417. CVE(CAN) ID: CVE-2008-2426. Imlib2 is a general-purpose image loading and rendering library. The load() function in the Imlib2 library's src/modules/loaders/loader_pnm.c has a stack overflow when processing the header of a PNM image file, and the load() function in src/modules/loader_xpm.c has a stack overflow when processing XPM image files. If a user is tricked into opening a specially crafted image file with an application that uses the imlib2 library, these overflows can be triggered, leading to execution of arbitrary instructions. Affected: Enlightenment Imlib2 1.4.0. Enlightenment: the vendor has released an upgrade patch to fix this security issue; download it from the vendor's homepage: http://www.enlightenment.org/Libraries/Imlib2/ |
id | SSV:3359 |
last seen | 2017-11-19 |
modified | 2008-06-01 |
published | 2008-06-01 |
reporter | Root |
title | Multiple stack overflow vulnerabilities in the imlib2 library |
References
- http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
- http://secunia.com/advisories/30401
- http://secunia.com/advisories/30485
- http://secunia.com/advisories/30572
- http://secunia.com/advisories/30727
- http://secunia.com/advisories/31982
- http://secunia.com/secunia_research/2008-25/advisory/
- http://securitytracker.com/id?1020146
- http://www.debian.org/security/2008/dsa-1594
- http://www.gentoo.org/security/en/glsa/glsa-200806-03.xml
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:123
- http://www.securityfocus.com/archive/1/492739/100/0/threaded
- http://www.securityfocus.com/bid/29417
- http://www.ubuntu.com/usn/USN-697-1
- http://www.vupen.com/english/advisories/2008/1700
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42732
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00030.html
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00052.html
- https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00113.html