Bug 426091 (CVE-2007-3568)

Summary: CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image
Product: [Other] Security Response
Reporter: Tomas Hoger <thoger>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA
Severity: low
Priority: low
Version: unspecified
CC: mclasen, paul
Keywords: Security
Hardware: All
OS: Linux
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3568
Doc Type: Bug Fix
Last Closed: 2008-01-07 13:16:32 UTC
Attachments: Gentoo patch (flags: none)

Description Tomas Hoger 2007-12-18 13:43:57 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-3568 to the following vulnerability:

The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0.

References:

http://www.securiteam.com/unixfocus/5WP030UM0W.html
http://www.securityfocus.com/bid/24750
http://www.securitytracker.com/id?1018332
http://xforce.iss.net/xforce/xfdb/35325

Comment 1 Tomas Hoger 2007-12-18 13:50:10 UTC
Created attachment 289890
Gentoo patch

Replaces incorrect 'bpp && 16' with 'bpp != 16'
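
The effect of the one-token change described in comment 1, shown as an added example that is not part of the bug report and is not imlib's code. The list of supported depths, the function names and the constructed 30-byte header are assumptions; only the `bpp && 16` and `bpp != 16` terms come from the report.

```c
#include <stddef.h>
#include <stdio.h>

/* Bits-per-pixel field of a BMP with a BITMAPINFOHEADER: 16-bit little-endian
 * at file offset 28. Returns -1 if the buffer is too short or not a BMP. */
int bmp_bpp(const unsigned char *buf, size_t len)
{
    if (len < 30 || buf[0] != 'B' || buf[1] != 'M')
        return -1;
    return buf[28] | (buf[29] << 8);
}

/* Check with the typo named in the bug: "bpp && 16" is just "bpp != 0".
 * The list of supported depths is an assumption made for this example. */
int rejects_buggy(int bpp)
{
    return bpp != 1 && bpp != 4 && bpp != 8 && (bpp && 16) &&
           bpp != 24 && bpp != 32;
}

/* Same check with the patched term "bpp != 16". */
int rejects_fixed(int bpp)
{
    return bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 &&
           bpp != 24 && bpp != 32;
}

/* Walk every value the 16-bit field can hold and record where the two
 * checks disagree; returns the number of disagreements (at most max). */
int find_disagreements(int *out, int max)
{
    int n = 0;
    for (int bpp = 0; bpp <= 0xFFFF; bpp++)
        if (rejects_buggy(bpp) != rejects_fixed(bpp) && n < max)
            out[n++] = bpp;
    return n;
}

int main(void)
{
    unsigned char hdr[30] = { 'B', 'M' };   /* constructed header, bpp = 0 */
    int diff[8], n = find_disagreements(diff, 8);
    int bpp = bmp_bpp(hdr, sizeof hdr);

    printf("bpp=%d buggy rejects=%d fixed rejects=%d\n",
           bpp, rejects_buggy(bpp), rejects_fixed(bpp));
    for (int i = 0; i < n; i++)
        printf("checks disagree at bpp=%d\n", diff[i]);
    return 0;
}
```

Under these assumptions the two checks disagree at exactly two values: 0, which only the buggy check lets through, and 16, which only the buggy check rejects. clang reports the `&& 16` pattern under -Wconstant-logical-operand.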

Comment 2 Tomas Hoger 2007-12-18 13:56:14 UTC
The NVD statement for Red Hat Enterprise Linux imlib packages was already published
on the NIST NVD site (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3568):

  Official Statement from Red Hat (7/6/2007)
  Red Hat does not consider bugs which result in a user-assisted crash of end
  user application to be a security issue.

It is currently not planned to backport the fix to Red Hat Enterprise Linux imlib
packages.  It may be worth fixing in Fedora, as according to the reporter, imlib
upstream has been inactive for some time, so we probably can't count on a new upstream
release addressing this.  Paul?


Comment 3 Paul Howarth 2007-12-19 12:08:54 UTC
imlib-1.9.15-6.fc9 containing the patch to fix this issue has been built for
Rawhide, and updates for F-7 and F-8 have been built and requested to be pushed
to updates-testing.

Comment 4 Tomas Hoger 2007-12-19 12:13:52 UTC
Thanks, Paul!

Comment 5 Fedora Update System 2007-12-20 19:52:07 UTC
imlib-1.9.15-6.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update imlib'

Comment 6 Fedora Update System 2007-12-20 20:12:06 UTC
imlib-1.9.15-6.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update imlib'

Comment 7 Fedora Update System 2007-12-28 17:12:02 UTC
imlib-1.9.15-6.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2007-12-28 17:16:15 UTC
imlib-1.9.15-6.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.