A heap overflow issue has been discovered in the imlib BMP decoder. This issue deals with overflowing the color palette. It may be possible for this overflow to allow an attacker to execute malicious code.

The demo image is attachment 102533.

This issue is also documented in the gnome BTS:
http://bugzilla.gnome.org/show_bug.cgi?id=151034

Fedora Core is handled by bug 130908.

This issue also affects RHEL2.1.
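The bounds checks a BMP decoder needs so that fields taken from the file cannot push a palette read past its 256-entry table, as an added example: this is not imlib's code and not either attached patch. The function name, the struct and the restriction to a 40-byte BITMAPINFOHEADER are assumptions made for the illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define BMP_MAX_PALETTE 256          /* 8 bpp is the deepest indexed format */

struct rgb { uint8_t r, g, b; };     /* hypothetical palette entry type */

/* Read a little-endian 32-bit header field. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/*
 * Parse the palette that follows a 40-byte BITMAPINFOHEADER.
 * `dib` points at the DIB header, `len` is the number of bytes available
 * from there. Returns the number of entries written to `pal`, or -1 when
 * the file's own fields would make the read exceed the table or the input.
 */
int bmp_read_palette(const uint8_t *dib, size_t len,
                     struct rgb pal[BMP_MAX_PALETTE])
{
    if (len < 40 || le32(dib) != 40)
        return -1;                          /* only BITMAPINFOHEADER handled */

    unsigned bpp = dib[14] | dib[15] << 8;  /* biBitCount */
    uint32_t used = le32(dib + 32);         /* biClrUsed  */

    if (bpp != 1 && bpp != 4 && bpp != 8)
        return -1;                          /* not an indexed image */

    uint32_t max = 1u << bpp;               /* 2, 16 or 256 entries */
    if (used == 0)
        used = max;                         /* 0 means "all entries" */
    if (used > max)
        return -1;                          /* count larger than the table */

    /* Each entry is 4 bytes (B, G, R, reserved): check input before reading. */
    if ((len - 40) / 4 < used)
        return -1;

    const uint8_t *p = dib + 40;
    for (uint32_t i = 0; i < used; i++, p += 4) {
        pal[i].b = p[0]; pal[i].g = p[1]; pal[i].r = p[2];
    }
    return (int)used;
}
```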
Created attachment 103090
Current proposed patch

This is the current proposed patch. It differs from the gnome patch since it removed some unneeded checks.
Created attachment 103392
New patch that takes care of the previous issues plus a few more.
I have built

imlib-1.9.13-4.2 for RHEL 2.1
imlib-1.9.13-13.3 for RHEL 3
imlib-1.9.13-15.fc1 for FC1
imlib-1.9.13-19 for FC2
imlib-1.9.13-21 for FC3

hmm, I really messed up release numbering here...
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHSA-2004-465.html