Lucene search

ROSA LABROSA-SA-2021-1854

HistoryJul 02, 2021 - 5:05 p.m.

Advisory ROSA-SA-2021-1854

2021-07-0217:05:29

ROSA LAB

abf.rosalinux.ru

imlib2

cobalt 7.9

denial of service

remote attackers

segmentation error

integer overflow

application crash

sensitive information

heap memory

arbitrary code execution

memory consumption

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.065

Percentile

93.8%

JSON

Software: imlib2 1.4.5
OS: Cobalt 7.9

CVE-ID: CVE-2011-5326
CVE-Crit: HIGH
CVE-DESC: imlib2 before 1.4.9 allows remote attackers to cause a denial of service (division-by-zero error and application crash) by drawing a 2x1 ellipse.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-9762
CVE-Crit: HIGH
CVE-DESC: imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation error) via a GIF image without a color map.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-9763
CVE-Crit: HIGH
CVE-DESC: imlib2 before 1.4.7 allows remote attackers to cause a denial of service (division-by-zero error and application failure) via a crafted PNM file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-9764
CVE-Crit: HIGH
CVE-DESC: imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation error) via a crafted GIF file.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2014-9771
CVE-Crit: HIGH
CVE-DESC: integer overflow in imlib2 before version 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, causing an invalid read operation.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-3993
CVE-Crit: HIGH
CVE-DESC: Off-by-one bug in __imlib_MergeUpdate function in lib / updates.c in imlib2 before version 1.4.9 allows remote attackers to cause a denial of service (read out of range and application crash) via created coordinates.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2016-3994
CVE-Crit: HIGH
CVE-DESC: GIF loader in imlib2 before version 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via the generated image, causing reads outside the valid range.
CVE-STATUS: Default
CVE-REV: Default

CVE-ID: CVE-2016-4024
CVE-Crit: CRITICAL
CVE-DESC: Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code with large image sizes, which triggers a heap memory write operation outside the valid range.
CVE-STATUS: default
CVE-REV: default

OSVersionArchitecturePackageVersionFilename
Cobaltanynoarchimlib2< 1.4.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Cobalt	any	noarch	imlib2	< 1.4.5	UNKNOWN

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.6

Confidence

High

EPSS

0.065

Percentile

93.8%

JSON

Related for ROSA-SA-2021-1854