imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
Max CVSS
8.8
EPSS Score
0.12%
Published
2024-02-09
Updated
2024-02-15
An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
Max CVSS
8.8
EPSS Score
0.12%
Published
2024-02-09
Updated
2024-02-15
An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
Max CVSS
8.8
EPSS Score
0.12%
Published
2024-02-09
Updated
2024-02-15

CVE-2022-37706

Public exploit
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
Max CVSS
7.8
EPSS Score
0.08%
Published
2022-12-25
Updated
2023-01-04
modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map.
Max CVSS
9.1
EPSS Score
0.22%
Published
2020-05-09
Updated
2021-07-21
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball). When the control sequence is rendered (such as with cat), the executable file will be run.
Max CVSS
7.8
EPSS Score
0.53%
Published
2018-12-17
Updated
2019-10-03
Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.
Max CVSS
9.8
EPSS Score
3.57%
Published
2016-05-13
Updated
2018-10-30
The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.
Max CVSS
8.2
EPSS Score
1.49%
Published
2016-05-13
Updated
2016-12-01
Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.
Max CVSS
7.5
EPSS Score
1.56%
Published
2016-05-13
Updated
2016-12-01
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
Max CVSS
7.8
EPSS Score
0.37%
Published
2017-01-23
Updated
2020-02-24
Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation.
Max CVSS
7.5
EPSS Score
6.55%
Published
2016-05-13
Updated
2016-12-01
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file.
Max CVSS
7.5
EPSS Score
2.65%
Published
2016-05-13
Updated
2017-07-01
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file.
Max CVSS
7.5
EPSS Score
5.80%
Published
2016-05-13
Updated
2017-07-01
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap.
Max CVSS
7.5
EPSS Score
2.65%
Published
2016-05-13
Updated
2017-07-01
Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method.
Max CVSS
7.8
EPSS Score
0.04%
Published
2018-04-27
Updated
2018-06-07
An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.
Max CVSS
7.8
EPSS Score
0.04%
Published
2018-04-27
Updated
2018-06-07
imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.
Max CVSS
7.5
EPSS Score
1.76%
Published
2016-05-13
Updated
2016-12-01
Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dependent attackers to execute arbitrary code via a crafted (1) ARGB, (2) XPM, or (3) BMP file, related to the IMAGE_DIMENSIONS_OK macro in lib/image.h.
Max CVSS
6.8
EPSS Score
0.33%
Published
2010-04-22
Updated
2018-10-10
imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to "several heap and stack based buffer overflows - partly due to integer overflows."
Max CVSS
10.0
EPSS Score
0.99%
Published
2009-02-06
Updated
2017-08-08
The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426.
Max CVSS
7.5
EPSS Score
1.89%
Published
2008-11-21
Updated
2011-03-08
Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.
Max CVSS
5.1
EPSS Score
6.69%
Published
2006-11-07
Updated
2017-07-20
Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image.
Max CVSS
2.6
EPSS Score
5.90%
Published
2006-11-07
Updated
2017-07-20
loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.
Max CVSS
2.6
EPSS Score
7.53%
Published
2006-11-07
Updated
2017-07-20
Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images.
Max CVSS
5.1
EPSS Score
12.03%
Published
2006-11-07
Updated
2017-07-20
Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
Max CVSS
10.0
EPSS Score
5.47%
Published
2005-01-10
Updated
2017-10-11
32 vulnerabilities found
1 2
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!