[3.1] imlib2: Security issues (CVE-2011-5326, CVE-2016-3993, CVE-2016-3994)
CVE-2011-5326 : divide by zero on 2x1 ellipse
A vulnerability was found in imlib2. Attempting to draw a 2x1 radi ellipse with imlib_image_draw_ellipse() will result in a floating point exception.
References:
http://rpmfind.net/linux/RPM/mageia/5/x86\_64/media/core/updates\_testing/imlib2-data-1.4.8-1.mga5.x86\_64.html
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2011-5326
Patch:
https://git.enlightenment.org/legacy/imlib2.git/commit/?id=c94d83ccab15d5ef02f88d42dce38ed3f0892882
CVE-2016-3993: off by one error in MergeUpdate
A vulnerability was found in imlib2 library. Drawing using coordinates from untrusted source may result in an application crash.
References:
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-3993
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819818
Patch:
https://git.enlightenment.org/legacy/imlib2.git/commit/?id=ce94edca1ccfbe314cb7cd9453433fad404ec7ef
CVE-2016-3994: out of bound read in GIF loader
A vulnerability was found in a way imlib2 processes GIF files. A specially crafted file could cause the imlib2 to crash, or even expose some of the host memory.
References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=785369
https://bugzilla.redhat.com/show\_bug.cgi?id=CVE-2016-3994
Patch:
https://git.enlightenment.org/legacy/imlib2.git/commit/?id=37a96801663b7b4cd3fbe56cc0eb8b6a17e766a8
(from redmine: issue id 5417, created on 2016-04-14, closed on 2016-06-15)
- Relations:
- parent #5413 (closed)
- Changesets:
- Revision 4ea0783d by Natanael Copa on 2016-06-14T09:55:54Z:
main/imlib2: security upgrade to 1.4.8
CVE-2011-5326
CVE-2016-3993
CVE-2016-3994
fixes #5417
(cherry picked from commit b0f10b0622fc0c598162982373d9e50073c8fee0)
Signed-off-by: Leonardo Arena <rnalrd@alpinelinux.org>