VUPEN Security - Fedora Security Update Fixes imlib BMP File Denial of Service Weakness / Exploit (Security Advisories)

	Contact \| Site en Français

Vulnerabilities & Threats

VUPEN Security Advisories

Linux Security Advisories

Malware Advisories

Security Research

Threat Watch Blog

Zero-Day Monitor

Search Engine

Mailing List & RSS

>> Fedora Security Update Fixes imlib BMP File Denial of Service Weakness

Title : Fedora Security Update Fixes imlib BMP File Denial of Service Weakness
VUPEN ID : VUPEN/ADV-2007-4323
CVE ID : CVE-2007-3568
Rated as : Low Risk

Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-12-31

Technical Description

Receive VUPEN Security alerts in a Text format

Receive VUPEN Security alerts in a PDF format

Receive VUPEN Security alerts in an XML format

Receive VUPEN Security notifications by SMS

A vulnerability has been identified in Fedora, which could be exploited by attackers to cause a denial of service. This issue is caused by an error in the "_LoadBMP()" function within imlib when processing a BMP image with a Bits Per Page (BPP) value of 0, which could be exploited by attackers to crash a vulnerable application via a malicious image file.

Affected Products

Fedora 7
Fedora 8

Solution

Upgrade the affected packages :

6336ee4808204f2ae56a0618c3cb946706e24526 imlib-debuginfo-1.9.15-6.fc7.ppc64.rpm
ddb6df12a090ca795dba731178393951f20a9321 imlib-devel-1.9.15-6.fc7.ppc64.rpm
4a552dfdaf2086d127c1cf6db5cc46adec883f44 imlib-1.9.15-6.fc7.ppc64.rpm
21835c5207383131dcd69eac5d42f27f0f46d20f imlib-debuginfo-1.9.15-6.fc7.i386.rpm
cda384e95a121c73f6d766b8de00ec677ce3d9f1 imlib-devel-1.9.15-6.fc7.i386.rpm
c6f27d057f28948b9d898f8cda30008e0bbb1926 imlib-1.9.15-6.fc7.i386.rpm
3cf64319d9092e5aff514eac2f1f508c11aa1574 imlib-debuginfo-1.9.15-6.fc7.x86_64.rpm
44c4a61e57a10b41e45b6d361cf9f1912aed77aa imlib-devel-1.9.15-6.fc7.x86_64.rpm
895af98bdd04873650037bbd59e427797e712d8f imlib-1.9.15-6.fc7.x86_64.rpm
4259c89ddde6acd58f156070af40d8dcc3212904 imlib-debuginfo-1.9.15-6.fc7.ppc.rpm
99ab5c65a3cd142605152af77fb9d10f8db9b2ca imlib-devel-1.9.15-6.fc7.ppc.rpm
d8bc8651debe18e892c0db02df0d06622cbe9a17 imlib-1.9.15-6.fc7.ppc.rpm
cc202d54a58e464b0ce28f93665cabc31772b610 imlib-1.9.15-6.fc7.src.rpm

81993c0d805b221493bb24036ccae8e5209687d5 imlib-debuginfo-1.9.15-6.fc8.ppc64.rpm
e6d681cc1af89dce736be2876040805748aaefda imlib-devel-1.9.15-6.fc8.ppc64.rpm
55f4e7dc59b4ad327858af5741ed7a1ea7dbea84 imlib-1.9.15-6.fc8.ppc64.rpm
651d6e6b8639cfdee47a318538755694e0394275 imlib-debuginfo-1.9.15-6.fc8.i386.rpm
45a2b25a98ea786b0a9c2ae1007f132f74f7a7c2 imlib-devel-1.9.15-6.fc8.i386.rpm
41ed0ab7479a458b6e1d3b3e3b67d35310b3617d imlib-1.9.15-6.fc8.i386.rpm
d2251b17c23b1e21b00cd588da143356fddc95ab imlib-debuginfo-1.9.15-6.fc8.x86_64.rpm
22a12a4158488a7e196ebe6d84bee127e35ea5aa imlib-devel-1.9.15-6.fc8.x86_64.rpm
592a590e859912f9bada71b62c744d8177f5d75d imlib-1.9.15-6.fc8.x86_64.rpm
bedeec73d1bc9647bb592226cc23d21af1935f6a imlib-debuginfo-1.9.15-6.fc8.ppc.rpm
811539b74ad106b4161b54ebe4831ac6b66d2778 imlib-devel-1.9.15-6.fc8.ppc.rpm
6918dd5ca716ec05e8ce468cd11ce0feae3d39b0 imlib-1.9.15-6.fc8.ppc.rpm
a8f1978f1762fb9de957afc612b8f58df9f198f6 imlib-1.9.15-6.fc8.src.rpm

References

http://www.vupen.com/english/advisories/2007/4323
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00848.html
https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00811.html

Credits

Vulnerability reported by beSTORM.

ChangeLog

2007-12-31 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.

Vulnerability Alerting

Free 14-Day Trial

Latest News

>> 2009-06-10

VUPEN Security Research
Discovered Critical Flaws
in Adobe Acrobat and MS
Office Word

>> 2009-06-02

VUPEN Security Research
Discovered Critical Flaws
in ACDSee Products

>> 2009-05-22

VUPEN Discovered Two
Critical Vulnerabilities in
Novell GroupWise 8 / 7

>> 2009-05-12

Microsoft Patched 14
Office PowerPoint Flaws

>> 2009-04-28

Adobe Reader / Acrobat
Vulnerabilities Disclosed

More Informations