A heap overflow issue has been discovered in the imlib BMP decoder. This issue deals with overflowing the color palette. It may be possible for this overflow to allow an attacker to execute malicious code. The demo image is attachment 102533 [details]. This issue is also documented in the gnome BTS http://bugzilla.gnome.org/show_bug.cgi?id=151034 This issue also affects FC1
This has been pushed.