Bug 59305 (CVE-2004-0802) - VUL-0: CVE-2004-0802: bmp loader buffer overflow in imlib2
Summary: VUL-0: CVE-2004-0802: bmp loader buffer overflow in imlib2
Status: RESOLVED FIXED
Alias: CVE-2004-0802
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: All Linux
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Marcus Meissner
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2004-0802: CVSS v2 Base Score: 5....
Keywords:
Depends on:
Blocks:
 
Reported: 2004-08-26 20:33 UTC by Marcus Meissner
Modified: 2021-10-04 10:01 UTC (History)
1 user (show)

See Also:
Found By: ---
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
imlib2-1.1.0-fix.patch (1.57 KB, patch)
2004-08-26 20:34 UTC, Marcus Meissner 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2004-08-26 20:33:49 UTC 
there is a image loader buffer overflow in the BMP image loader 
in imlib2, very similar to the one in imlib and xv. 
 
Fixed by following patch. 
 
This is a 9.0 and 9.1 box only library fortunately..
Comment 1 Marcus Meissner 2004-08-26 20:33:49 UTC 
<!-- SBZ_reproduce  -->
I dont know of an image viewer using imlib2 at the moment.
Comment 2 Marcus Meissner 2004-08-26 20:34:12 UTC 
Created attachment 22958 [details]
imlib2-1.1.0-fix.patch
Comment 3 Marcus Meissner 2004-08-26 20:34:35 UTC 
this additionaly disables the /tmp loissage gzbz2 handler, which is fixed 
in 1.1.1.
Comment 4 Marcus Meissner 2004-08-31 19:49:32 UTC 
CAN-2004-0802
Comment 5 Marcus Meissner 2004-08-31 23:53:04 UTC 
submitted packages and patchinfo.
Comment 6 Marcus Meissner 2004-09-03 17:33:09 UTC 
released
Comment 7 Thomas Biege 2009-10-13 19:49:22 UTC 
CVE-2004-0802: CVSS v2 Base Score: 5.1 (AV:N/AC:H/Au:N/C:P/I:P/A:P)