A heap overflow issue has been discovered in the imlib BMP decoder.
This issue deals with overflowing the color palette.
It may be possible for this overflow to allow an attacker to execute
The demo image is attachment 102533.
This issue is also documented in the GNOME BTS.
Fedora Core is handled by bug 130908.
This issue also affects RHEL2.1.
Created attachment 103090
Current proposed patch
This is the current proposed patch. It differs from the GNOME patch since it
removed some unneeded checks.
Created attachment 103392
New patch that takes care of the previous issues plus a few more.
I have built
imlib-1.9.13-4.2 for RHEL 2.1
imlib-1.9.13-13.3 for RHEL 3
imlib-1.9.13-15.fc1 for FC1
imlib-1.9.13-19 for FC2
imlib-1.9.13-21 for FC3
hmm, I really messed up release numbering here...
An errata has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.