Description
The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.
References (5)
Core 5
Core References
Patch x_refsource_confirm
https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8
Patch mailing-list
x_refsource_mlist
https://sourceforge.net/p/enlightenment/mailman/message/35055012/
Issue Tracking x_refsource_confirm
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2016/dsa-3555
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html
Scores
CVSS v3
8.2
EPSS
0.0278
EPSS Percentile
84.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Details
CWE
CWE-119
Status
published
Products (3)
debian/debian_linux
7.0
debian/debian_linux
8.0
enlightenment/imlib2
< 1.4.8
Published
May 13, 2016
Tracked Since
Feb 18, 2026