CVE-2024-25447

An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 27%
VendorProductVersion
enlightenmentimlib2
1.9.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
imlib2
bullseye
1.7.1-2+deb11u1
fixed
buster
not-affected
bookworm
1.10.0-4+deb12u1
fixed
sid
1.12.4-2
fixed
trixie
1.12.4-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
imlib2
plucky
not-affected
oracular
not-affected
noble
not-affected
mantic
not-affected
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
Common Weakness Enumeration
References
https://git.enlightenment.org/old/legacy-imlib2/issues/20
https://github.com/derf/feh/issues/709
https://git.enlightenment.org/old/legacy-imlib2/issues/20
https://github.com/derf/feh/issues/709