CVE-2008-5187

Published: Nov 21, 2008Modified: Apr 23, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426.

Affected (1)

Products: Enlightenment: Imlib2

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Enlightenment Imlib2	Version 1.4.2

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (36)

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505714#15

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html

Source: cve@mitre.org

http://osvdb.org/49970

Source: cve@mitre.org

http://secunia.com/advisories/32796

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/32843

Source: cve@mitre.org

http://secunia.com/advisories/32949

Source: cve@mitre.org

http://secunia.com/advisories/32963

Source: cve@mitre.org

http://secunia.com/advisories/33323

Source: cve@mitre.org

http://secunia.com/advisories/33568

Source: cve@mitre.org

http://security.gentoo.org/glsa/glsa-200812-23.xml

Source: cve@mitre.org

http://www.debian.org/security/2008/dsa-1672

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2009:019

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2008/11/20/5

Source: cve@mitre.org

http://www.securityfocus.com/bid/32371

Source: cve@mitre.org

http://www.ubuntu.com/usn/USN-683-1

Source: cve@mitre.org

http://www.vupen.com/english/advisories/2008/3212

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00856.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00858.html

Source: cve@mitre.org

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505714#15

Source: af854a3a-2127-422b-91ae-364da2661108

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://osvdb.org/49970

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32796

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/32843

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32949

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/32963

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33323

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/33568

Source: af854a3a-2127-422b-91ae-364da2661108

http://security.gentoo.org/glsa/glsa-200812-23.xml

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2008/dsa-1672

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:019

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2008/11/20/5

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/32371

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.ubuntu.com/usn/USN-683-1

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.vupen.com/english/advisories/2008/3212

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00856.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00858.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.