CVE-2016-4024

NONE EPSS 92.3%
Published May 13, 2016 · Last Modified Jun 17, 2026

Description

Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.

Threat Intelligence

EPSS Exploit Probability: 92.3% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 1

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer (Memory Safety)

Affected Products 4

Vendor          Product        Version   Range
enlightenment   imlib2         *         ≤1.4.8
debian          debian_linux   7.0       any
debian          debian_linux   8.0       any
opensuse        opensuse       13.2      any

References 7

  • lists.opensuse.org http://lists.opensuse.org/opensuse-updates/2016-05/msg00076.html
    Third Party Advisory
  • debian.org http://www.debian.org/security/2016/dsa-3555
    Third Party Advisory
  • securityfocus.com http://www.securityfocus.com/bid/86073
    Third Party Advisory, VDB Entry
  • securitytracker.com http://www.securitytracker.com/id/1035573
    Third Party Advisory, VDB Entry
  • git.enlightenment.org https://git.enlightenment.org/legacy/imlib2.git/commit/?id=7eba2e4c8ac0e20838947f10f29d0efe1add8227
    Vendor Advisory
  • security.gentoo.org https://security.gentoo.org/glsa/201611-12
    Third Party Advisory
  • sourceforge.net https://sourceforge.net/p/enlightenment/mailman/message/35055012/
    Patch, Vendor Advisory

Remediation

  • sourceforge.net https://sourceforge.net/p/enlightenment/mailman/message/35055012/
    Patch, Vendor Advisory