A vulnerability was found in a way imlib2 processes GIF files. A specially crafted file could cause the imlib2 to crash, or even expose some of the host memory. Original bug report (reproducer attached): https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369
Created imlib2 tracking bugs for this issue: Affects: fedora-all [bug 1323062] Affects: epel-6 [bug 1323063] Affects: epel-7 [bug 1323064]
Created attachment 1142568 [details] Silghtly modified patch from the Debian bug
Upstream fix: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8 CVE assignment: http://seclists.org/oss-sec/2016/q2/46
imlib2-1.4.8-1.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.
imlib2-1.4.9-1.fc24 has been pushed to the Fedora 24 stable repository. If problems still persist, please make note of it in this bug report.
imlib2-1.4.9-1.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.