Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
For bugs related to Red Hat Enterprise Linux 3 product line. The current stable release is 3.9. For Red Hat Enterprise Linux 6 and above, please visit Red Hat JIRA https://issues.redhat.com/secure/CreateIssue!default.jspa?pid=12332745 to report new issues.

Bug 130909

Summary: CAN-2004-0817 heap overflow in BMP decoder
Product: Red Hat Enterprise Linux 3 Reporter: Josh Bressers <bressers>
Component: imlibAssignee: Matthias Clasen <mclasen>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: 3.0Keywords: Security
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2004-09-15 15:12:57 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
Current proposed patch
none
New patch that takes care of the pervious issues plus a few more. none

Description Josh Bressers 2004-08-25 18:36:02 UTC 
A heap overflow issue has been discovered in the imlib BMP decoder. 
This issue deals with overflowing the color palette.

It may be possible for this overflow to allow an attacker to execute
malicious code.

The demo image is attachment 102533 [details].

This issue is also documented in the gnome BTS
http://bugzilla.gnome.org/show_bug.cgi?id=151034

Fedora Core is handled by bug 130908

This issue also affects RHEL2.1
Comment 1 Josh Bressers 2004-08-25 18:37:32 UTC 
Created attachment 103090 [details]
Current proposed patch

This is the current proposed patch.  It differs from the gnome patch since it
removed some unneeded checks.
Comment 3 Josh Bressers 2004-09-02 16:07:52 UTC 
Created attachment 103392 [details]
New patch that takes care of the pervious issues plus a few more.
Comment 4 Matthias Clasen 2004-09-09 18:42:09 UTC 
I have built

imlib-1.9.13-4.2 for RHEL 2.1
imlib-1.9.13-13.3 for RHEL 3
imlib-1.9.13-15.fc1 for FC1
imlib-1.9.13-19 for FC2
imlib-1.9.13-21 for FC3

hmm, I really messed up release numbering here...
Comment 5 Josh Bressers 2004-09-15 15:12:57 UTC 
An errata has been issued which should help the problem 
described in this bug report. This report is therefore being 
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files, 
please follow the link below. You may reopen this bug report 
if the solution does not work for you.

http://rhn.redhat.com/errata/RHSA-2004-465.html