CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2016-4024

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0000%
EPSS Percentile5.88th
Published2016年5月13日
Last Modified2026年5月6日

Vulnerability Description

Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.

Affected Platforms (CPE)

📦
Enlightenment

Imlib2

<= 1.4.8
💻
Debian

Debian Linux

= 7.0
💻
Debian

Debian Linux

= 8.0
💻
Opensuse

Opensuse

= 13.2

References & Advisories

🔗 http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html
🔗 http://www.debian.org/security/2016/dsa-3555
🔗 http://www.securityfocus.com/bid/86073
🔗 http://www.securitytracker.com/id/1035573
🔗 https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227
🔗 https://security.gentoo.org/glsa/201611-12
🔗 https://sourceforge.net/p/enlightenment/mailman/message/35055012/
🔗 http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html

相關漏洞威脅

CVE-2008-607910.0

imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4...

CVE-2008-24269.3

Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of serv...

CVE-2020-127619.1

modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds ...

CVE-2016-39948.2

The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive...