The load function in the XPM loader for imlib2 1.4.2, and possibly other
versions, allows attackers to cause a denial of service (crash) and
possibly execute arbitrary code via a crafted XPM file that triggers a
"pointer arithmetic error" and a heap-based buffer overflow, a different
vulnerability than CVE-2008-2426.
NOTE: the provenance of this information is unknown; the details are
obtained solely from third-party information.
imlib2-1.4.2-2.fc10 has been submitted as an update for Fedora 10.
imlib2-1.4.2-2.fc9 has been submitted as an update for Fedora 9.
imlib2-1.4.2-2.fc8 has been submitted as an update for Fedora 8.
imlib2-1.4.2-2.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.
imlib2-1.4.2-2.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
imlib2-1.4.2-2.fc10 has been pushed to the Fedora 10 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in:
Upstream bug and SVN commit: