Bug 426091 (CVE-2007-3568) - CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image
Summary: CVE-2007-3568 imlib: infinite loop DoS using crafted BMP image
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2007-3568
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: http://nvd.nist.gov/nvd.cfm?cvename=C...
Whiteboard:
Depends On:
Blocks:
Reported: 2007-12-18 13:43 UTC by Tomas Hoger
Modified: 2019-09-29 12:22 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2008-01-07 13:16:32 UTC


Attachments
Gentoo patch (457 bytes, patch)
2007-12-18 13:50 UTC, Tomas Hoger

Description Tomas Hoger 2007-12-18 13:43:57 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-3568 to the following vulnerability:

The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0.

References:

http://www.securiteam.com/unixfocus/5WP030UM0W.html
http://www.securityfocus.com/bid/24750
http://www.securitytracker.com/id?1018332
http://xforce.iss.net/xforce/xfdb/35325

Comment 1 Tomas Hoger 2007-12-18 13:50:10 UTC
Created attachment 289890
Gentoo patch

Replaces incorrect 'bpp && 16' with 'bpp != 16'
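
The operator slip named in the description and in comment 1, as an added C example that is not part of this bug report or of imlib's source. The surrounding depth check, the function names and the 54-byte header are assumptions constructed for illustration; only the two sub-expressions come from the patch summary.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: minimal 54-byte BMP header (1x1 pixel), chosen depth. */
static void make_header(uint8_t out[54], unsigned bpp)
{
    memset(out, 0, 54);
    out[0] = 'B'; out[1] = 'M';
    out[10] = 54;                 /* bfOffBits: pixel data follows the headers */
    out[14] = 40;                 /* biSize: BITMAPINFOHEADER */
    out[18] = 1; out[22] = 1;     /* biWidth, biHeight */
    out[26] = 1;                  /* biPlanes */
    out[28] = bpp & 0xff; out[29] = (bpp >> 8) & 0xff;  /* biBitCount, LE */
}

/* Returns biBitCount, or -1 if the buffer is too short or not a BMP. */
static int bmp_bpp(const uint8_t *buf, size_t len)
{
    if (len < 30 || buf[0] != 'B' || buf[1] != 'M')
        return -1;
    return buf[28] | (buf[29] << 8);
}

/* Assumed shape of the flawed check; returns 1 when the depth is rejected.
   "bpp && 16" is a logical AND with a non-zero constant: true for any
   non-zero bpp, false for 0. clang flags it (-Wconstant-logical-operand). */
static int rejects_buggy(int bpp)
{
    return bpp != 1 && bpp != 4 && bpp != 8 && bpp && 16 && bpp != 24 && bpp != 32;
}

/* Same check with the comparison the patch restores. */
static int rejects_fixed(int bpp)
{
    return bpp != 1 && bpp != 4 && bpp != 8 && bpp != 16 && bpp != 24 && bpp != 32;
}

int main(void)
{
    static const unsigned depths[] = { 0, 8, 16, 24, 7 };
    uint8_t hdr[54];
    for (size_t i = 0; i < sizeof depths / sizeof depths[0]; i++) {
        make_header(hdr, depths[i]);
        int bpp = bmp_bpp(hdr, sizeof hdr);
        printf("bpp=%2d buggy=%s fixed=%s\n", bpp, rejects_buggy(bpp) ? "reject"
               : "accept", rejects_fixed(bpp) ? "reject" : "accept");
    }
    return 0;
}
```

Under these assumptions the flawed expression accepts a depth of 0 and rejects a valid depth of 16, while the corrected one does the opposite for both.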

Comment 2 Tomas Hoger 2007-12-18 13:56:14 UTC
The NVD statement for Red Hat Enterprise Linux imlib packages was already published
on the NIST NVD site (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3568):

  Official Statement from Red Hat (7/6/2007)
  Red Hat does not consider bugs which result in a user-assisted crash of end
  user application to be a security issue.

It is currently not planned to backport the fix to Red Hat Enterprise Linux imlib
packages.  It may be worth fixing in Fedora, as according to the reporter, imlib
upstream has been inactive for some time, so we probably can't count on a new upstream
release addressing this.  Paul?


Comment 3 Paul Howarth 2007-12-19 12:08:54 UTC
imlib-1.9.15-6.fc9 containing the patch to fix this issue has been built for
Rawhide, and updates for F-7 and F-8 have been built and requested to be pushed
to updates-testing.

Comment 4 Tomas Hoger 2007-12-19 12:13:52 UTC
Thanks, Paul!

Comment 5 Fedora Update System 2007-12-20 19:52:07 UTC
imlib-1.9.15-6.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update imlib'

Comment 6 Fedora Update System 2007-12-20 20:12:06 UTC
imlib-1.9.15-6.fc7 has been pushed to the Fedora 7 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update imlib'

Comment 7 Fedora Update System 2007-12-28 17:12:02 UTC
imlib-1.9.15-6.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2007-12-28 17:16:15 UTC
imlib-1.9.15-6.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

