Bug 59305 (CVE-2004-0802)

Summary: VUL-0: CVE-2004-0802: bmp loader buffer overflow in imlib2
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Marcus Meissner <meissner>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P3 - Medium CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: All   
OS: Linux   
Whiteboard: CVE-2004-0802: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: imlib2-1.1.0-fix.patch

Description Marcus Meissner 2004-08-26 20:33:49 UTC 
there is a image loader buffer overflow in the BMP image loader 
in imlib2, very similar to the one in imlib and xv. 
 
Fixed by following patch. 
 
This is a 9.0 and 9.1 box only library fortunately..
Comment 1 Marcus Meissner 2004-08-26 20:33:49 UTC 
<!-- SBZ_reproduce  -->
I dont know of an image viewer using imlib2 at the moment.
Comment 2 Marcus Meissner 2004-08-26 20:34:12 UTC 
Created attachment 22958 [details]
imlib2-1.1.0-fix.patch
Comment 3 Marcus Meissner 2004-08-26 20:34:35 UTC 
this additionaly disables the /tmp loissage gzbz2 handler, which is fixed 
in 1.1.1.
Comment 4 Marcus Meissner 2004-08-31 19:49:32 UTC 
CAN-2004-0802
Comment 5 Marcus Meissner 2004-08-31 23:53:04 UTC 
submitted packages and patchinfo.
Comment 6 Marcus Meissner 2004-09-03 17:33:09 UTC 
released
Comment 7 Thomas Biege 2009-10-13 19:49:22 UTC 
CVE-2004-0802: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)