Test ID: 1.3.6.1.4.1.25623.1.0.58495
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2007:156 (imlib2)
Summary: NOSUMMARY
Description:

The remote host is missing an update to imlib2
announced via advisory MDKSA-2007:156.

M Joonas Pihlaja discovered several vulnerabilities in the Imlib2
graphics library.

The load() function of several of the Imlib2 image loaders does not
check the width and height of an image before allocating memory. As
a result, a carefully crafted image file can trigger a segfault when
an application using Imlib2 attempts to view the image. (CVE-2006-4806)

The tga loader fails to bounds check input data to make sure the
input data doesn't load outside the memory mapped region. (CVE-2006-4807)

The RLE decoding loops of the load() function in the tga loader do
not check that the count byte of an RLE packet doesn't cause a heap
overflow of the pixel buffer. (CVE-2006-4808)

The load() function of the pnm loader writes arbitrary length user
data into a fixed size stack allocated buffer buf[] without bounds
checking. (CVE-2006-4809)

Updated packages have been patched to prevent these issues.

Affected: 2007.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2007:156

Risk factor : High

CVSS Score:
5.1

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2006-4806
20903
http://www.securityfocus.com/bid/20903
22732
http://secunia.com/advisories/22732
22744
http://secunia.com/advisories/22744
22752
http://secunia.com/advisories/22752
22932
http://secunia.com/advisories/22932
23441
http://secunia.com/advisories/23441
30105
http://www.osvdb.org/30105
30106
http://www.osvdb.org/30106
30107
http://www.osvdb.org/30107
30108
http://www.osvdb.org/30108
30109
http://www.osvdb.org/30109
ADV-2006-4349
http://www.vupen.com/english/advisories/2006/4349
GLSA-200612-20
http://security.gentoo.org/glsa/glsa-200612-20.xml
MDKSA-2006:198
http://www.mandriva.com/security/advisories?name=MDKSA-2006:198
MDKSA-2007:156
http://www.mandriva.com/security/advisories?name=MDKSA-2007:156
SUSE-SR:2006:026
http://www.novell.com/linux/security/advisories/2006_26_sr.html
USN-376-1
http://www.ubuntu.com/usn/usn-376-1
USN-376-2
http://www.ubuntu.com/usn/usn-376-2
http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz
imlib2-load-overflow(30064)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30064
Common Vulnerability Exposure (CVE) ID: CVE-2006-4807
30102
http://www.osvdb.org/30102
imlib2-loadertgac-dos(30066)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30066
Common Vulnerability Exposure (CVE) ID: CVE-2006-4808
30103
http://www.osvdb.org/30103
imlib2-loadertgac-bo(30068)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30068
Common Vulnerability Exposure (CVE) ID: CVE-2006-4809
30104
http://www.osvdb.org/30104
imlib2-loaderpnmc-bo(30070)
https://exchange.xforce.ibmcloud.com/vulnerabilities/30070
Copyright: Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
