Bugzilla – Bug 975703
VUL-0: CVE-2016-4024: imlib2: integer overflow resulting in insufficient heap allocation
Last modified: 2020-03-18 18:16:29 UTC
CVE-2016-4024: an integer overflow in imlib2, which results in insufficient heap allocation.

https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227

there is a lot of code that allocates image data with something like

malloc(w * h * sizeof(DATA32));

Obviously, on 32-bit machines this results in integer overflow, insufficient heap allocation, with [massive] out-of-bounds heap overwrite.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4024
http://seclists.org/oss-sec/2016/q2/79
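The allocation pattern quoted in the report, next to an overflow-checked form. This is an added example, not code from imlib2 or from the referenced commit; the function names (unchecked_size32, checked_size, alloc_pixels) and the sample dimensions are assumptions made for illustration, and uint32_t stands in for a 32-bit size_t so the wrap can be seen on any host.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef uint32_t DATA32; /* 32-bit pixel type, as named in the report */

/* What w * h * sizeof(DATA32) evaluates to when size_t is 32 bits wide.
 * uint32_t models that width so the wrap is visible on a 64-bit host too. */
static uint32_t unchecked_size32(uint32_t w, uint32_t h)
{
    return w * h * (uint32_t)sizeof(DATA32);
}

/* Hypothetical helper: store the byte count in *out and return 1 only if
 * w * h * sizeof(DATA32) fits in `limit` (the target's SIZE_MAX). The
 * division-based test never forms the product before it is known to fit. */
static int checked_size(uint32_t w, uint32_t h, uint64_t limit, uint64_t *out)
{
    if (w == 0 || h == 0)
        return 0;
    if (w > limit / sizeof(DATA32) / h)
        return 0;
    *out = (uint64_t)w * h * sizeof(DATA32);
    return 1;
}

/* Hypothetical allocator: refuse dimensions that would wrap on this host. */
static DATA32 *alloc_pixels(uint32_t w, uint32_t h)
{
    uint64_t bytes;
    if (!checked_size(w, h, SIZE_MAX, &bytes))
        return NULL;
    return malloc((size_t)bytes);
}

int main(void)
{
    uint32_t w = 32768, h = 32769; /* constructed sample dimensions */
    uint64_t bytes = 0;
    printf("32-bit unchecked size: %u bytes\n", (unsigned)unchecked_size32(w, h));
    printf("fits in 32-bit size_t: %d\n", checked_size(w, h, UINT32_MAX, &bytes));
    DATA32 *p = alloc_pixels(640, 480);
    printf("640x480 allocation: %s\n", p ? "ok" : "failed");
    free(p);
    return 0;
}
```

For the constructed 32768 x 32769 case the unchecked 32-bit expression asks malloc for far fewer bytes than the pixel data needs, which is the insufficient allocation the report describes; the checked form rejects the dimensions instead.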
bugbot adjusting priority
openSUSE-SU-2016:1330-1: An update that fixes 8 vulnerabilities is now available.

Category: security (moderate)
Bug References: 963796,963797,963800,973759,973761,974202,974854,975703
CVE References: CVE-2011-5326,CVE-2014-9762,CVE-2014-9763,CVE-2014-9764,CVE-2014-9771,CVE-2016-3993,CVE-2016-3994,CVE-2016-4024
Sources used:
openSUSE 13.2 (src): imlib2-1.4.9-17.4.1
SLE not affected, so we can close