CVE-2024-25450

imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 18%
VendorProductVersion
enlightenmentimlib2
1.9.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
imlib2
bullseye
1.7.1-2+deb11u1
fixed
buster
not-affected
bookworm
1.10.0-4+deb12u1
fixed
sid
1.12.4-2
fixed
trixie
1.12.4-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
imlib2
plucky
needs-triage
oracular
needs-triage
noble
needs-triage
mantic
ignored
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
trusty
needs-triage
References
https://git.enlightenment.org/old/legacy-imlib2/issues/20
https://github.com/derf/feh/issues/712
https://git.enlightenment.org/old/legacy-imlib2/issues/20
https://github.com/derf/feh/issues/712