J-Security Center

Title: Imlib NetPBM Dependency Vulnerability

Severity: MODERATE

Description:

Imlib is a library that allows X11 programs to use images of various file formats. Imlib is used by a large number of graphics applications. NetPBM is a library of image manipulation routines, and is used by some versions of Imlib.

It has been reported that NetPBM is not suitable for processing untrusted image input. In circumstances where Imlib is being used to process untrusted input, and in turn falls back on NetPBM for some functionality, security issues may arise.

It should be noted that this vulnerability is exploitable through applications which use Imlib. The library itself cannot be exploited.

Affected Products:

  • Caldera OpenLinux Server 3.1.0
  • Caldera OpenLinux Server 3.1.1
  • Caldera OpenLinux Workstation 3.1.0
  • Caldera OpenLinux Workstation 3.1.1
  • Conectiva Linux 5.0.0
  • Conectiva Linux 5.1.0
  • Conectiva Linux 6.0.0
  • Conectiva Linux 7.0.0
  • Conectiva Linux 8.0.0
  • Conectiva Linux ecommerce
  • Conectiva Linux graficas
  • HP Secure OS software for Linux 1.0.0
  • Imlib Imlib 1.9.0
  • Imlib Imlib 1.9.1
  • Imlib Imlib 1.9.10
  • Imlib Imlib 1.9.11
  • Imlib Imlib 1.9.12
  • Imlib Imlib 1.9.2
  • Imlib Imlib 1.9.3
  • Imlib Imlib 1.9.4
  • Imlib Imlib 1.9.5
  • Imlib Imlib 1.9.6
  • Imlib Imlib 1.9.7
  • Imlib Imlib 1.9.8
  • Imlib Imlib 1.9.9
  • MandrakeSoft Corporate Server 1.0.1
  • MandrakeSoft Linux Mandrake 7.1.0
  • MandrakeSoft Linux Mandrake 7.2.0
  • MandrakeSoft Linux Mandrake 8.0.0
  • MandrakeSoft Linux Mandrake 8.0.0 ppc
  • MandrakeSoft Linux Mandrake 8.1.0
  • MandrakeSoft Linux Mandrake 8.1.0 ia64
  • MandrakeSoft Linux Mandrake 8.2.0
  • RedHat Linux 6.2.0
  • RedHat Linux 7.0.0
  • RedHat Linux 7.1.0
  • RedHat Linux 7.2.0
  • S.u.S.E. Linux 6.4.0
  • S.u.S.E. Linux 6.4.0 alpha
  • S.u.S.E. Linux 6.4.0 i386
  • S.u.S.E. Linux 6.4.0 ppc
  • S.u.S.E. Linux 7.0.0
  • S.u.S.E. Linux 7.0.0 alpha
  • S.u.S.E. Linux 7.0.0 i386
  • S.u.S.E. Linux 7.0.0 ppc
  • S.u.S.E. Linux 7.0.0 sparc
  • S.u.S.E. Linux 7.1.0
  • S.u.S.E. Linux 7.1.0 alpha
  • S.u.S.E. Linux 7.1.0 ppc
  • S.u.S.E. Linux 7.1.0 sparc
  • S.u.S.E. Linux 7.1.0 x86
  • S.u.S.E. Linux 7.2.0
  • S.u.S.E. Linux 7.2.0 i386
  • S.u.S.E. Linux 7.3.0
  • S.u.S.E. Linux 7.3.0 i386
  • S.u.S.E. Linux 7.3.0 ppc
  • S.u.S.E. Linux 7.3.0 sparc
  • S.u.S.E. Linux 8.0.0
  • S.u.S.E. Linux 8.0.0 i386
