CVE-2016-4024 in Ubuntu

CVE-2016-4024

Priority

Description

Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote
attackers to execute arbitrary code via large dimensions in an image, which
triggers an out-of-bounds heap memory write operation.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4024
http://www.openwall.com/lists/oss-security/2016/04/14/5
https://ubuntu.com/security/notices/USN-3075-1

Notes

Package

Source: imlib2 (LP Ubuntu Debian)

Upstream:	released (1.4.8-1)
Ubuntu 14.04 ESM:	released (1.4.6-2ubuntu0.1)
Ubuntu 20.04 FIPS Compliant:	not-affected (1.4.8-1)

Patches:

Upstream:

https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2022-04-13 12:19:33 UTC (commit f411bd370d482ef4385c4e751d121a4055fbc009)