CVE-2008-5187
EPSS 2.0%
imlib2 - arbitrary code execution
Published: 11/21/2008
Modified: 4/28/2026
Also known as: DEBIAN-CVE-2008-5187
Description
The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426.
Affected packages (2)
- Debian/imlib2 from 0, < 1.4.0-1.2
- Debian/imlib2 from 0, < 1.3.0.0debian1-4+etch2