Red Hat Bugzilla – Bug 235416
CVE-2004-1025, CVE-2004-1026: imlib integer/buffer overflows
Last modified: 2014-10-09 14:40:52 EDT
These two old issues appear to be still present in FE6 (1.9.13-*) and devel
(1.9.15-*) imlib packages. Bug 138516 contains a test case XPM as well as a
patch which should fix these issues.
It is unfortunate that the security fixes that went into RHEL4 in November 2004
didn't make it into the Fedora Core package at that time.
I've verified that the test pixmap crashes the current imblib (using qiv) and
that the patch from Bug #138516 fixes it.
I've now incorporated that patch in that bug into the 1.9.15-2 package on devel,
and updated FC-6 from 1.9.13-* to 1.9.15-2, which I believe will resolve this
problem for FC-6 onwards. FC-5 (1:1.9.13-27) is probably still vulnerable.
According to comment #2 in Bug #138522 FC-4 included a fix but I've just tried
the test pixmap and it crashes qiv on an FC-4 box.
> It is unfortunate that the security fixes that went into RHEL4 in November 2004
> didn't make it into the Fedora Core package at that time.
Sadly, this is a perennial problem with Fedora. :(