CVE-2008-2426

Name	CVE-2008-2426
Description	Multiple stack-based buffer overflows in Imlib 2 (aka imlib2) 1.4.0 allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via (1) a PNM image with a crafted header, related to the load function in src/modules/loaders/loader_pnm.c; or (2) a crafted XPM image, related to the load function in src/modules/loader_xpm.c.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DSA-1594-1
Debian Bugs	483816

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
imlib2 (PTS)	bullseye	1.7.1-2+deb11u1	fixed
	bookworm	1.10.0-4+deb12u1	fixed
	sid, trixie	1.12.1-1.1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency	Origin	Debian Bugs
imlib	source	(unstable)	(not affected)
imlib2	source	etch	1.3.0.0debian1-4+etch1		DSA-1594-1
imlib2	source	(unstable)	1.4.0-1.1	medium		483816

- imlib <not-affected> (Partly not present / partly fixed)