imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
CVSS
8.8
HIGH
Published
Feb 9, 2024
Loading
Vendor coverage
Track published CVEs, severity trends, and remediation context for enlightenment products.
Search results
Showing 1-32 of 32 vulnerabilities.
imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
CVSS
8.8
HIGH
Published
Feb 9, 2024
An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
CVSS
8.8
HIGH
Published
Feb 9, 2024
An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
CVSS
8.8
HIGH
Published
Feb 9, 2024
enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.
CVSS
7.8
HIGH
Published
Dec 25, 2022
modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map.
CVSS
9.1
CRITICAL
Published
May 9, 2020
Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball). When the control sequence is rendered (such as with cat), the executable file will be run.
CVSS
7.8
HIGH
Published
Dec 17, 2018
Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method.
CVSS
7.8
HIGH
Published
Apr 27, 2018
An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.
CVSS
7.8
HIGH
Published
Apr 27, 2018
Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.
CVSS
7.8
HIGH
Published
Jan 23, 2017
Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.
CVSS
9.8
CRITICAL
Published
May 13, 2016
The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.
CVSS
8.2
HIGH
Published
May 13, 2016
Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.
CVSS
7.5
HIGH
Published
May 13, 2016
Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation.
CVSS
7.5
HIGH
Published
May 13, 2016
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file.
CVSS
7.5
HIGH
Published
May 13, 2016
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file.
CVSS
7.5
HIGH
Published
May 13, 2016
imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap.
CVSS
7.5
HIGH
Published
May 13, 2016
imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.
CVSS
7.5
HIGH
Published
May 13, 2016
Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dependent attackers to execute arbitrary code via a crafted (1) ARGB, (2) XPM, or (3) BMP file, related to the IMAGE_DIMENSIONS_OK macro in lib/image.h.
CVSS
6.8
UNKNOWN
Published
Apr 22, 2010
imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to "several heap and stack based buffer overflows - partly due to integer overflows."
CVSS
10.0
UNKNOWN
Published
Feb 6, 2009
The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426.
CVSS
7.5
UNKNOWN
Published
Nov 21, 2008
Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.
CVSS
5.1
UNKNOWN
Published
Nov 7, 2006
Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image.
CVSS
2.6
UNKNOWN
Published
Nov 7, 2006
loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.
CVSS
2.6
UNKNOWN
Published
Nov 7, 2006
Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images.
CVSS
5.1
UNKNOWN
Published
Nov 7, 2006
Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
CVSS
10.0
UNKNOWN
Published
Jan 10, 2005
Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.
CVSS
10.0
UNKNOWN
Published
Jan 10, 2005
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
CVSS
7.5
UNKNOWN
Published
Dec 31, 2004
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
CVSS
5.1
UNKNOWN
Published
Dec 31, 2004
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
CVSS
7.5
UNKNOWN
Published
Sep 16, 2004
Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption.
CVSS
7.5
UNKNOWN
Published
Apr 22, 2002
Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain weaknesses of NetPBM.
CVSS
7.5
UNKNOWN
Published
Apr 22, 2002
Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arbitrary code via a long HOME environment variable.
CVSS
4.6
UNKNOWN
Published
Mar 25, 2002