id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc	blocking	blockedby
136	imlib 1.4.2 security bug in XPM loader	MarcusMeissner		"Hi,

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505714#15
has a pointer arithmetic problem + fix in the XPM loader, which
might have security implications.

CVE Entry is:

Name: CVE-2008-5187
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5187
Reference: MLIST:[oss-security] 20081120 CVE Request: imlib2
Reference: URL:http://www.openwall.com/lists/oss-security/2008/11/20/5
Reference: SECUNIA:32796
Reference: URL:http://secunia.com/advisories/32796

The load function in the XPM loader for imlib2 1.4.2, and possibly
other versions, allows attackers to execute arbitrary code via a
crafted XPM file that triggers a ""pointer arithmetic error"" and a
heap-based buffer overflow, a different vulnerability than
CVE-2008-2426.  NOTE: the provenance of this information is unknown;
the details are obtained solely from third party information."	Bug	closed	Blocker		imlib2	Fixed				
