CVE-2020-12761

CRITICAL

9.1

CVSS Severity Score

EPSS Score0.1790%

EPSS Percentile32.35th

PublishedMay 9, 2020

Last ModifiedNov 21, 2024

Vulnerability Description

modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map.

Affected Platforms (CPE)

📦

Enlightenment

Imlib2

= 1.6.0

References & Advisories

🔗 https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c95f938ff1effaf91729c050a0f1c8684da4dd63

Related Vulnerabilities

CVE-2008-607910.0

imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4...

CVE-2016-40249.8

Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions...

CVE-2008-24269.3

Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of serv...

CVE-2016-39948.2

The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive...