Skip to main content

Imlib2 CVE-2020-12761

CRITICAL
Out-of-bounds Read (CWE-125)
2020-05-09 cve@mitre.org
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
May 09, 2020 - 18:15 nvd
CRITICAL 9.1

DescriptionNVD

modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map.

AnalysisAI

modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map. Affected products include: Enlightenment Imlib2.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.

More in Imlib2

View all
CVE-2024-25450 HIGH POC
8.8 Feb 09

imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts(). Rated high severity (CVS

CVE-2024-25448 HIGH POC
8.8 Feb 09

An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow

CVE-2024-25447 HIGH POC
8.8 Feb 09

An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer ove

CVE-2016-4024 CRITICAL
9.8 May 13

Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large

CVE-2016-3994 HIGH
8.2 May 13

The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain

CVE-2014-9762 HIGH
7.5 May 13

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a

CVE-2014-9763 HIGH
7.5 May 13

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) vi

CVE-2014-9764 HIGH
7.5 May 13

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file. Ra

CVE-2014-9771 HIGH
7.5 May 13

Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or appl

CVE-2016-3993 HIGH
7.5 May 13

Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to

Share

CVE-2020-12761 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy