Vulnerabilities > CVE-2008-6079 - Unspecified vulnerability in Enlightenment Imlib2
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN enlightenment
nessus
Summary
imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to "several heap and stack based buffer overflows - partly due to integer overflows."
Vulnerable Configurations
Nessus
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2029.NASL description It was discovered that imlib2, a library to load and process several image formats, did not properly process various image file types. Several heap and stack based buffer overflows - partly due to integer overflows - in the ARGB, BMP, JPEG, LBM, PNM, TGA and XPM loaders can lead to the execution of arbitrary code via crafted image files. last seen 2020-06-01 modified 2020-06-02 plugin id 45428 published 2010-04-06 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45428 title Debian DSA-2029-1 : imlib2 - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2029. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(45428); script_version("1.7"); script_cvs_date("Date: 2019/08/02 13:32:22"); script_cve_id("CVE-2008-6079"); script_xref(name:"DSA", value:"2029"); script_name(english:"Debian DSA-2029-1 : imlib2 - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "It was discovered that imlib2, a library to load and process several image formats, did not properly process various image file types. Several heap and stack based buffer overflows - partly due to integer overflows - in the ARGB, BMP, JPEG, LBM, PNM, TGA and XPM loaders can lead to the execution of arbitrary code via crafted image files." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576469" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2010/dsa-2029" ); script_set_attribute( attribute:"solution", value: "For the stable distribution (lenny), this problem has been fixed in version 1.4.0-1.2+lenny1." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:imlib2"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0"); script_set_attribute(attribute:"patch_publication_date", value:"2010/04/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/04/06"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"5.0", prefix:"libimlib2", reference:"1.4.0-1.2+lenny1")) flag++; if (deb_check(release:"5.0", prefix:"libimlib2-dev", reference:"1.4.0-1.2+lenny1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2010-127.NASL description A vulnerability has been found and corrected in imlib2 : imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to several heap and stack based buffer overflows - partly due to integer overflows. (CVE-2008-6079). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct this issue. last seen 2020-06-01 modified 2020-06-02 plugin id 48189 published 2010-07-30 reporter This script is Copyright (C) 2010-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/48189 title Mandriva Linux Security Advisory : imlib2 (MDVSA-2010:127) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Mandriva Linux Security Advisory MDVSA-2010:127. # The text itself is copyright (C) Mandriva S.A. # include("compat.inc"); if (description) { script_id(48189); script_version("1.9"); script_cvs_date("Date: 2019/08/02 13:32:53"); script_cve_id("CVE-2008-6079"); script_xref(name:"MDVSA", value:"2010:127"); script_name(english:"Mandriva Linux Security Advisory : imlib2 (MDVSA-2010:127)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value: "The remote Mandriva Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "A vulnerability has been found and corrected in imlib2 : imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to several heap and stack based buffer overflows - partly due to integer overflows. (CVE-2008-6079). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=4 90 The updated packages have been patched to correct this issue." ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:imlib2-data"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64imlib2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64imlib2_1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64imlib2_1-filters"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64imlib2_1-loaders"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libimlib2-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libimlib2_1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libimlib2_1-filters"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libimlib2_1-loaders"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0"); script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2009.0"); script_set_attribute(attribute:"patch_publication_date", value:"2010/07/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/30"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc."); script_family(english:"Mandriva Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux"); if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu); flag = 0; if (rpm_check(release:"MDK2008.0", reference:"imlib2-data-1.4.0.003-2.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64imlib2-devel-1.4.0.003-2.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64imlib2_1-1.4.0.003-2.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64imlib2_1-filters-1.4.0.003-2.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"x86_64", reference:"lib64imlib2_1-loaders-1.4.0.003-2.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libimlib2-devel-1.4.0.003-2.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libimlib2_1-1.4.0.003-2.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libimlib2_1-filters-1.4.0.003-2.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2008.0", cpu:"i386", reference:"libimlib2_1-loaders-1.4.0.003-2.3mdv2008.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", reference:"imlib2-data-1.4.1.000-3.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64imlib2-devel-1.4.1.000-3.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64imlib2_1-1.4.1.000-3.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64imlib2_1-filters-1.4.1.000-3.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"x86_64", reference:"lib64imlib2_1-loaders-1.4.1.000-3.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libimlib2-devel-1.4.1.000-3.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libimlib2_1-1.4.1.000-3.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libimlib2_1-filters-1.4.1.000-3.2mdv2009.0", yank:"mdv")) flag++; if (rpm_check(release:"MDK2009.0", cpu:"i386", reference:"libimlib2_1-loaders-1.4.1.000-3.2mdv2009.0", yank:"mdv")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576469
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=576469
- http://secunia.com/advisories/32354
- http://secunia.com/advisories/32354
- http://secunia.com/advisories/39340
- http://secunia.com/advisories/39340
- http://sourceforge.net/project/shownotes.php?release_id=634778
- http://sourceforge.net/project/shownotes.php?release_id=634778
- http://www.debian.org/security/2010/dsa-2029
- http://www.debian.org/security/2010/dsa-2029
- http://www.securityfocus.com/bid/31880
- http://www.securityfocus.com/bid/31880
- http://www.vupen.com/english/advisories/2008/2898
- http://www.vupen.com/english/advisories/2008/2898
- http://www.vupen.com/english/advisories/2010/0803
- http://www.vupen.com/english/advisories/2010/0803
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46037
- https://exchange.xforce.ibmcloud.com/vulnerabilities/46037