Common Vulnerabilities and Exposures assigned an identifier CVE-2007-3568 to the following vulnerability: The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0.
References:
http://www.securiteam.com/unixfocus/5WP030UM0W.html
http://www.securityfocus.com/bid/24750
http://www.securitytracker.com/id?1018332
http://xforce.iss.net/xforce/xfdb/35325
Created attachment 289890 (Gentoo patch): replaces incorrect 'bpp && 16' with 'bpp != 16'
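Added example, not imlib's code and not the Gentoo patch above: a BMP header check that rejects bit depths the format does not define, including the 0 value the CVE describes, before any row size or loop bound is derived from it. The 54-byte header layout, the 32768 width cap and the function names are my assumptions; the sample headers are constructed in the block.

```c
/* Added example, not imlib's code or the Gentoo patch: validate the BMP
 * header fields a loader derives its row size and loop bounds from, and
 * reject a bits-per-pixel of 0 (the value that hangs imlib's _LoadBMP).
 * Sample headers are constructed by bmp_make_header() for illustration. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* BMP headers are little-endian on disk regardless of host byte order. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t rd32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}
static void wr32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Returns the padded bytes-per-scanline, or 0 if the header must be rejected.
 * With bpp == 0 every "bytes per row" figure collapses to 0, so a loop that
 * advances by that figure never terminates; refusing it up front avoids that. */
size_t bmp_validate_header(const uint8_t *buf, size_t len)
{
    if (len < 54 || buf[0] != 'B' || buf[1] != 'M') return 0;
    uint32_t info_size = rd32(buf + 14);           /* BITMAPINFOHEADER size */
    int32_t  width     = (int32_t)rd32(buf + 18);
    int32_t  height    = (int32_t)rd32(buf + 22);  /* negative = top-down */
    uint16_t planes    = rd16(buf + 26);
    uint16_t bpp       = rd16(buf + 28);
    if (info_size < 40 || planes != 1) return 0;
    if (width <= 0 || height == 0 || width > 32768) return 0; /* chosen cap */
    switch (bpp) {                 /* only depths the format defines */
    case 1: case 4: case 8: case 16: case 24: case 32: break;
    default: return 0;             /* covers the malicious bpp == 0 */
    }
    return (((size_t)width * bpp + 31) / 32) * 4;  /* rows pad to 4 bytes */
}

/* Build a constructed 54-byte header (14-byte file header + 40-byte info). */
void bmp_make_header(uint8_t out[54], int32_t w, int32_t h, uint16_t bpp)
{
    memset(out, 0, 54);
    out[0] = 'B'; out[1] = 'M';
    wr32(out + 14, 40);
    wr32(out + 18, (uint32_t)w);
    wr32(out + 22, (uint32_t)h);
    out[26] = 1;                                   /* planes */
    out[28] = (uint8_t)bpp; out[29] = (uint8_t)(bpp >> 8);
}
```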
NVD statement for Red Hat Enterprise Linux imlib packages was already published on the NIST NVD site (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3568): Official Statement from Red Hat (7/6/2007) Red Hat does not consider bugs which result in a user-assisted crash of an end user application to be a security issue. It is currently not planned to backport a fix to Red Hat Enterprise Linux imlib packages. It may be worth fixing in Fedora, as according to the reporter, imlib upstream has been inactive for some time, so we probably can't count on a new upstream release addressing this. Paul?
imlib-1.9.15-6.fc9 containing the patch to fix this issue has been built for Rawhide, and updates for F-7 and F-8 have been built and requested to be pushed to updates-testing.
Thanks, Paul!
imlib-1.9.15-6.fc8 has been pushed to the Fedora 8 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update imlib'
imlib-1.9.15-6.fc7 has been pushed to the Fedora 7 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update imlib'
imlib-1.9.15-6.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
imlib-1.9.15-6.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
Fedora updates:
https://admin.fedoraproject.org/updates/F7/FEDORA-2007-4561
https://admin.fedoraproject.org/updates/F8/FEDORA-2007-4594