UbuntuUpdates.org

Package "imlib2"

Name: imlib2

Description:

This package is just an umbrella for a group of other packages; it has no description.
Description samples from packages in group:

  • powerful image loading and rendering library
  • Imlib2 development files

Latest version: 1.4.4-1ubuntu0.1
Release: precise (12.04)
Level: security
Repository: main


Other versions of "imlib2" in Precise

Repository  Area  Version
base        main  1.4.4-1build1
updates     main  1.4.4-1ubuntu0.1


Changelog

Version: 1.4.4-1ubuntu0.1 2016-09-09 01:06:45 UTC

  imlib2 (1.4.4-1ubuntu0.1) precise-security; urgency=medium

  * SECURITY UPDATE: denial of service (divide-by-zero) via drawing
    a 2x1 ellipse.
    - debian/patches/debian/patches/009_CVE-2011-5326.patch: ensure
      denominators are not zero.
    - CVE-2011-5326
  * SECURITY UPDATE: denial of service (segmentation fault) via a
    GIF image without a colormap.
    - debian/patches/debian/patches/006_CVE-2014-9762.patch: return
      error if no colormap.
    - CVE-2014-9762
  * SECURITY UPDATE: denial of service (divide-by-zero) handling
    PNM files.
    - debian/patches/debian/patches/007_CVE-2014-9763.patch: ensure
      denominators are not zero.
    - CVE-2014-9763
  * SECURITY UPDATE: denial of service (segmentation fault) handling
    certain GIF images
    - debian/patches/debian/patches/008_CVE-2014-9764.patch: check
      for NULL.
    - CVE-2014-9764
  * SECURITY UPDATE: integer overflow leading to denial of service
    - debian/patches/debian/patches/010_CVE-2014-9771.patch: reduce
      maximum allowed image dimensions.
    - CVE-2014-9771
  * SECURITY UPDATE: denial of service due to out-of-bounds read.
    - debian/patches/debian/patches/011_CVE-2016-3993.patch: check
      boundary condition before reading array element.
    - CVE-2016-3993
  * SECURITY UPDATE: out-of-bounds read handling GIFs leading to denial
    of service or information disclosure.
    - debian/patches/debian/patches/012_CVE-2016-3994.patch: ensure
      colormap limits are honored.
    - CVE-2016-3994
  * SECURITY UPDATE: different integer overflow on 32 bit arches
    leading to a denial of service
    - debian/patches/debian/patches/013_CVE-2016-4024.patch: reduce
      allowed dimensions even further.
    - CVE-2016-4024

 -- Steve Beattie <email address hidden> Thu, 01 Sep 2016 12:59:21 -0700

CVE-2011-5326 imlib2 before 1.4.9 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) by drawing a 2x1 ellipse.
CVE-2014-9762 imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap.
CVE-2014-9763 imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file.
CVE-2014-9764 imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file.
CVE-2014-9771 Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted
CVE-2016-3993 Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (ou
CVE-2016-3994 The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a
CVE-2016-4024 Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which


