CyberSec.Space Logo
Back to CVE Browser

CVE-2008-2426

CRITICAL
9.3
CVSS Severity Score
EPSS Score0.1150%
EPSS Percentile24.96th
PublishedJun 2, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c.

Affected Platforms (CPE)

πŸ“¦
Carsten Haitzler

Imlib2

= 1.4.0

References & Advisories

πŸ”— http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
πŸ”— http://secunia.com/advisories/30401
πŸ”— http://secunia.com/advisories/30485
πŸ”— http://secunia.com/advisories/30572
πŸ”— http://secunia.com/advisories/30727
πŸ”— http://secunia.com/advisories/31982
πŸ”— http://secunia.com/secunia_research/2008-25/advisory/
πŸ”— http://securitytracker.com/id?1020146

Related Vulnerabilities

CVE-2008-607910.0

imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4...

CVE-2016-40249.8

Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions...

CVE-2020-127619.1

modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds ...

CVE-2016-39948.2

The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive...