cvelistv5 - cve-2006-4809

CVE-2006-4809 (GCVE-0-2006-4809)

Vulnerability from cvelistv5

Published

2006-11-07 00:00

Modified

2024-08-07 19:23

Severity ?

CWE

Summary

Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.

References

URL

Tags

	http://secunia.com/advisories/22932	third-party-advisory, x_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=MDKSA-2007:156	vendor-advisory, x_refsource_MANDRIVA
	http://secunia.com/advisories/22752	third-party-advisory, x_refsource_SECUNIA
	https://exchange.xforce.ibmcloud.com/vulnerabilities/30070	vdb-entry, x_refsource_XF
	http://www.mandriva.com/security/advisories?name=MDKSA-2006:198	vendor-advisory, x_refsource_MANDRIVA
	http://www.osvdb.org/30104	vdb-entry, x_refsource_OSVDB
	http://www.novell.com/linux/security/advisories/2006_26_sr.html	vendor-advisory, x_refsource_SUSE
	http://www.securityfocus.com/bid/20903	vdb-entry, x_refsource_BID
	http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz	x_refsource_MISC
	http://www.ubuntu.com/usn/usn-376-2	vendor-advisory, x_refsource_UBUNTU
	http://security.gentoo.org/glsa/glsa-200612-20.xml	vendor-advisory, x_refsource_GENTOO
	http://www.vupen.com/english/advisories/2006/4349	vdb-entry, x_refsource_VUPEN
	http://secunia.com/advisories/23441	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/22732	third-party-advisory, x_refsource_SECUNIA
	http://secunia.com/advisories/22744	third-party-advisory, x_refsource_SECUNIA
	http://www.ubuntu.com/usn/usn-376-1	vendor-advisory, x_refsource_UBUNTU

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T19:23:41.124Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "22932",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22932"
          },
          {
            "name": "MDKSA-2007:156",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156"
          },
          {
            "name": "22752",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22752"
          },
          {
            "name": "imlib2-loaderpnmc-bo(30070)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30070"
          },
          {
            "name": "MDKSA-2006:198",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198"
          },
          {
            "name": "30104",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/30104"
          },
          {
            "name": "SUSE-SR:2006:026",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
          },
          {
            "name": "20903",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/20903"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz"
          },
          {
            "name": "USN-376-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-376-2"
          },
          {
            "name": "GLSA-200612-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200612-20.xml"
          },
          {
            "name": "ADV-2006-4349",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2006/4349"
          },
          {
            "name": "23441",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/23441"
          },
          {
            "name": "22732",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22732"
          },
          {
            "name": "22744",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/22744"
          },
          {
            "name": "USN-376-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-376-1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-11-06T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-19T15:57:01.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "22932",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22932"
        },
        {
          "name": "MDKSA-2007:156",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:156"
        },
        {
          "name": "22752",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22752"
        },
        {
          "name": "imlib2-loaderpnmc-bo(30070)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/30070"
        },
        {
          "name": "MDKSA-2006:198",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:198"
        },
        {
          "name": "30104",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/30104"
        },
        {
          "name": "SUSE-SR:2006:026",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://www.novell.com/linux/security/advisories/2006_26_sr.html"
        },
        {
          "name": "20903",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/20903"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz"
        },
        {
          "name": "USN-376-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-376-2"
        },
        {
          "name": "GLSA-200612-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200612-20.xml"
        },
        {
          "name": "ADV-2006-4349",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2006/4349"
        },
        {
          "name": "23441",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/23441"
        },
        {
          "name": "22732",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22732"
        },
        {
          "name": "22744",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/22744"
        },
        {
          "name": "USN-376-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-376-1"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2006-4809",
    "datePublished": "2006-11-07T00:00:00.000Z",
    "dateReserved": "2006-09-15T00:00:00.000Z",
    "dateUpdated": "2024-08-07T19:23:41.124Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2006-AVI-488

Vulnerability from certfr_avis

None

Description

Imlib2 est une bibliothèque de fonctions destinées à manipuler et afficher des images dans différents formats. Certaines applications dépendent de cette bibliothèque de fonction.

Des vulnérabilités affectent cette bibliothèque de fonctions. Elles peuvent être exploitées pour commettre un déni de service et potentiellement compromettre le système au travers des applications qui utilise cette bibliothèque.

Les vulnérabilités sont dûes à des erreurs dans le traitement d'images au format JPG, ARGB, PNG, LBM, PNM, TIFF et TGA.

L'exploitation peut être obtenue par un individu mal intentioné qui serait à même de convaincre une victime d'ouvrir une image astucieusement construite avec une application s'appuyant sur une version vulnérable de la bibliothèque.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Les versions de la bibliothèque de fonctions Imlib2 compilées à partir de sources antérieures à la version 1.2.0-2.2.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

CVE-2006-4806	None	vendor-advisory
CVE-2006-4807	None	vendor-advisory
CVE-2006-4809	None	vendor-advisory
CVE-2006-4808	None	vendor-advisory
Bulletin de sécurité Gentoo GLSA-200612-20 du 20 décembre 2006 :	-	other
Bulletin de sécurité Ubuntu USN-376-1 du 03 novembre 2006 :	-	other
Bulletin de sécurité SuSE SUSE-SR:2006:026 du 17 novembre 2006 :	-	other
Bulletin de sécurité Ubuntu USN-376-2 du 03 novembre 2006 :	-	other
Bulletin de sécurité Mandriva MDKSA-2006:198 du 06 novembre 2006 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eLes versions de la biblioth\u00e8que de fonctions \u003cTT\u003eImlib2\u003c/TT\u003e  compil\u00e9es \u00e0 partir de sources ant\u00e9rieures \u00e0 la version  1.2.0-2.2.\u003c/P\u003e",
  "content": "## Description\n\nImlib2 est une biblioth\u00e8que de fonctions destin\u00e9es \u00e0 manipuler et\nafficher des images dans diff\u00e9rents formats. Certaines applications\nd\u00e9pendent de cette biblioth\u00e8que de fonction.\n\nDes vuln\u00e9rabilit\u00e9s affectent cette biblioth\u00e8que de fonctions. Elles\npeuvent \u00eatre exploit\u00e9es pour commettre un d\u00e9ni de service et\npotentiellement compromettre le syst\u00e8me au travers des applications qui\nutilise cette biblioth\u00e8que.\n\nLes vuln\u00e9rabilit\u00e9s sont d\u00fbes \u00e0 des erreurs dans le traitement d\u0027images\nau format JPG, ARGB, PNG, LBM, PNM, TIFF et TGA.\n\nL\u0027exploitation peut \u00eatre obtenue par un individu mal intention\u00e9 qui\nserait \u00e0 m\u00eame de convaincre une victime d\u0027ouvrir une image\nastucieusement construite avec une application s\u0027appuyant sur une\nversion vuln\u00e9rable de la biblioth\u00e8que.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2006-4806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4806"
    },
    {
      "name": "CVE-2006-4809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4809"
    },
    {
      "name": "CVE-2006-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4807"
    },
    {
      "name": "CVE-2006-4808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4808"
    }
  ],
  "initial_release_date": "2006-11-09T00:00:00",
  "last_revision_date": "2006-12-21T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA-200612-20 du 20 d\u00e9cembre    2006 :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200612-20.xml"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-376-1 du 03 novembre 2006 :",
      "url": "http://www.ubuntulinux.org/usn/usn-376-1"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 SuSE SUSE-SR:2006:026 du 17 novembre    2006 :",
      "url": "http://lists.suse.com/archive/suse-security-announce/2006-Nov/0008.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-376-2 du 03 novembre 2006 :",
      "url": "http://www.ubuntulinux.org/usn/usn-376-2"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2006:198 du 06 novembre    2006 :",
      "url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:198"
    }
  ],
  "reference": "CERTA-2006-AVI-488",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2006-11-09T00:00:00.000000"
    },
    {
      "description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Gentoo.",
      "revision_date": "2006-12-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    }
  ],
  "summary": null,
  "title": "Vuln\u00e9riabilit\u00e9s dans la biblioth\u00e8que imlib2",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "CVE-2006-4806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4806"
    },
    {
      "published_at": null,
      "title": "CVE-2006-4807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4807"
    },
    {
      "published_at": null,
      "title": "CVE-2006-4809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4809"
    },
    {
      "published_at": null,
      "title": "CVE-2006-4808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2006-4808"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2006-4809 (GCVE-0-2006-4809)

Vulnerability from cvelistv5

CERTA-2006-AVI-488

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature