Bugzilla – Bug 974202
VUL-1: CVE-2011-5326: imlib2: divide by 0 when drawing an ellipse of height 1
Last modified: 2020-05-12 17:51:03 UTC
if a b value of 1 is passed to _imlib_Ellipse_DrawToData it will trigger a div by 0 will be triggered. No applications in SLED currently use this API as far as I can tell, conky and feh both only use the image loader api's. This could be triggered in a 3rd party and may be a potential DOS attack if the function parses user input.
Upstream commit is: https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882
CVE-2011-5326
bugbot adjusting priority
openSUSE-SU-2016:1330-1: An update that fixes 8 vulnerabilities is now available. Category: security (moderate) Bug References: 963796,963797,963800,973759,973761,974202,974854,975703 CVE References: CVE-2011-5326,CVE-2014-9762,CVE-2014-9763,CVE-2014-9764,CVE-2014-9771,CVE-2016-3993,CVE-2016-3994,CVE-2016-4024 Sources used: openSUSE 13.2 (src): imlib2-1.4.9-17.4.1
SUSE-SU-2016:1481-1: An update that solves 5 vulnerabilities and has one errata is now available. Category: security (moderate) Bug References: 963797,963800,973759,973761,974202,977538 CVE References: CVE-2011-5326,CVE-2014-9763,CVE-2014-9764,CVE-2016-3993,CVE-2016-3994 Sources used: SUSE Linux Enterprise Software Development Kit 11-SP4 (src): imlib2-1.4.2-2.20.1 SUSE Linux Enterprise Debuginfo 11-SP4 (src): imlib2-1.4.2-2.20.1
both releases for openSUSE/SUSE were made, I think this is a fixed bug that still leaves open. just occasionally be here when searching something on bugzilla.
it was overlook. closing