MidnightBSD

Advisories for enlightenment

CVE-2002-0143 MEDIUM

Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arbitrary code via a long HOME environment variable.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
enlightenment imlib 2.1.0.1
enlightenment imlib 2.1.0.4
michael_jennings eterm 0.9.1
enlightenment imlib 2.0.01.0.0
enlightenment imlib 2.1.0.3
enlightenment imlib 2.1.0.2
CVE-2002-0167 HIGH

Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain weaknesses of NetPBM.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
enlightenment imlib 1.9.4
enlightenment imlib 1.9.7
enlightenment imlib 1.9.12
enlightenment imlib 1.9.5
enlightenment imlib 1.9.8
enlightenment imlib 1.9.3
enlightenment imlib 1.9.10
enlightenment imlib 1.9.2
enlightenment imlib 1.9.11
enlightenment imlib 1.9.1
enlightenment imlib 1.9
enlightenment imlib 1.9.6
enlightenment imlib 1.9.9
CVE-2002-0168 HIGH

Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
enlightenment imlib 1.9.4
enlightenment imlib 1.9.7
enlightenment imlib 1.9.12
enlightenment imlib 1.9.5
enlightenment imlib 1.9.8
enlightenment imlib 1.9.3
enlightenment imlib 1.9.10
enlightenment imlib 1.9.2
enlightenment imlib 1.9.11
enlightenment imlib 1.9.1
enlightenment imlib 1.9
enlightenment imlib 1.9.6
enlightenment imlib 1.9.9
CVE-2004-0802 MEDIUM

Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_desktop_system 2.0
enlightenment imlib 1.9.12
turbolinux turbolinux_workstation 8.0
turbolinux turbolinux_server 7.0
enlightenment imlib 1.9.13
enlightenment imlib 1.9.8
suse suse_linux 8.2
enlightenment imlib 1.9.10
enlightenment imlib 1.9.2
enlightenment imlib2 1.1.1
imagemagick imagemagick 5.4.4.5
suse suse_linux 9.0
mandrakesoft mandrake_linux 9.2
mandrakesoft mandrake_linux_corporate_server 2.1
enlightenment imlib2 1.0.4
turbolinux turbolinux_server 8.0
suse suse_linux 8.0
enlightenment imlib2 1.0.3
enlightenment imlib2 1.0.2
imagemagick imagemagick 6.0.2
enlightenment imlib2 1.0.1
enlightenment imlib 1.9.11
enlightenment imlib2 1.1
imagemagick imagemagick 5.3.3
imagemagick imagemagick 5.4.8.2.1.1.0
suse suse_linux 9.2
redhat fedora_core core_2.0
enlightenment imlib 1.9.4
redhat enterprise_linux_desktop 3.0
imagemagick imagemagick 5.5.3.2.1.2.0
suse suse_linux 8.1
conectiva linux 9.0
mandrakesoft mandrake_linux 10.0
redhat enterprise_linux 3.0
enlightenment imlib2 1.0
imagemagick imagemagick 5.5.7
suse suse_linux 9.1
enlightenment imlib 1.9
sun java_desktop_system 2003
turbolinux turbolinux_desktop 10.0
ubuntu ubuntu_linux 4.1
enlightenment imlib 1.9.6
redhat fedora_core core_3.0
enlightenment imlib 1.9.7
redhat linux_advanced_workstation 2.1
redhat enterprise_linux 2.1
enlightenment imlib 1.9.5
enlightenment imlib 1.9.14
redhat fedora_core core_1.0
enlightenment imlib 1.9.3
conectiva linux 10.0
imagemagick imagemagick 5.4.7
imagemagick imagemagick 5.5.6.0_2003-04-09
imagemagick imagemagick 5.4.8
enlightenment imlib 1.9.1
enlightenment imlib2 1.0.5
turbolinux turbolinux_workstation 7.0
imagemagick imagemagick 5.4.3
enlightenment imlib 1.9.9
CVE-2004-0817 HIGH

Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_desktop_system 2.0
enlightenment imlib 1.9.12
turbolinux turbolinux_workstation 8.0
turbolinux turbolinux_server 7.0
enlightenment imlib 1.9.13
enlightenment imlib 1.9.8
suse suse_linux 8.2
enlightenment imlib 1.9.10
enlightenment imlib 1.9.2
enlightenment imlib2 1.1.1
imagemagick imagemagick 5.4.4.5
suse suse_linux 9.0
mandrakesoft mandrake_linux 9.2
mandrakesoft mandrake_linux_corporate_server 2.1
enlightenment imlib2 1.0.4
turbolinux turbolinux_server 8.0
suse suse_linux 8.0
enlightenment imlib2 1.0.3
enlightenment imlib2 1.0.2
imagemagick imagemagick 6.0.2
enlightenment imlib2 1.0.1
enlightenment imlib 1.9.11
enlightenment imlib2 1.1
imagemagick imagemagick 5.3.3
imagemagick imagemagick 5.4.8.2.1.1.0
suse suse_linux 9.2
redhat fedora_core core_2.0
enlightenment imlib 1.9.4
redhat enterprise_linux_desktop 3.0
imagemagick imagemagick 5.5.3.2.1.2.0
suse suse_linux 8.1
conectiva linux 9.0
mandrakesoft mandrake_linux 10.0
redhat enterprise_linux 3.0
enlightenment imlib2 1.0
imagemagick imagemagick 5.5.7
suse suse_linux 9.1
enlightenment imlib 1.9
sun java_desktop_system 2003
turbolinux turbolinux_desktop 10.0
ubuntu ubuntu_linux 4.1
enlightenment imlib 1.9.6
redhat fedora_core core_3.0
enlightenment imlib 1.9.7
redhat linux_advanced_workstation 2.1
redhat enterprise_linux 2.1
enlightenment imlib 1.9.5
enlightenment imlib 1.9.14
redhat fedora_core core_1.0
enlightenment imlib 1.9.3
conectiva linux 10.0
imagemagick imagemagick 5.4.7
imagemagick imagemagick 5.5.6.0_2003-04-09
imagemagick imagemagick 5.4.8
enlightenment imlib 1.9.1
enlightenment imlib2 1.0.5
turbolinux turbolinux_workstation 7.0
imagemagick imagemagick 5.4.3
enlightenment imlib 1.9.9
CVE-2004-0827 HIGH

Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
sun java_desktop_system 2.0
enlightenment imlib 1.9.12
enlightenment imlib 1.9.13
enlightenment imlib 1.9.8
suse suse_linux 8.2
enlightenment imlib 1.9.10
enlightenment imlib 1.9.2
enlightenment imlib2 1.1.1
imagemagick imagemagick 5.4.4.5
suse suse_linux 9.0
mandrakesoft mandrake_linux 9.2
mandrakesoft mandrake_linux_corporate_server 2.1
enlightenment imlib2 1.0.4
suse suse_linux 8.0
enlightenment imlib2 1.0.3
enlightenment imlib2 1.0.2
imagemagick imagemagick 6.0.2
enlightenment imlib2 1.0.1
turbolinux turbolinux server_8.0
turbolinux turbolinux desktop_10.0
enlightenment imlib 1.9.11
enlightenment imlib2 1.1
imagemagick imagemagick 5.3.3
imagemagick imagemagick 5.4.8.2.1.1.0
suse suse_linux 9.2
redhat fedora_core core_2.0
enlightenment imlib 1.9.4
redhat enterprise_linux_desktop 3.0
imagemagick imagemagick 5.5.3.2.1.2.0
suse suse_linux 8.1
turbolinux turbolinux workstation_8.0
conectiva linux 9.0
mandrakesoft mandrake_linux 10.0
redhat enterprise_linux 3.0
enlightenment imlib2 1.0
imagemagick imagemagick 5.5.7
suse suse_linux 9.1
turbolinux turbolinux server_7.0
enlightenment imlib 1.9
sun java_desktop_system 2003
turbolinux turbolinux workstation_7.0
ubuntu ubuntu_linux 4.1
enlightenment imlib 1.9.6
redhat fedora_core core_3.0
enlightenment imlib 1.9.7
redhat linux_advanced_workstation 2.1
redhat enterprise_linux 2.1
enlightenment imlib 1.9.5
enlightenment imlib 1.9.14
redhat fedora_core core_1.0
enlightenment imlib 1.9.3
conectiva linux 10.0
imagemagick imagemagick 5.4.7
imagemagick imagemagick 5.5.6.0_2003-04-09
imagemagick imagemagick 5.4.8
enlightenment imlib 1.9.1
enlightenment imlib2 1.0.5
imagemagick imagemagick 5.4.3
enlightenment imlib 1.9.9
CVE-2004-1025 HIGH

Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 7.3
gentoo linux *
enlightenment imlib 1.9.14
redhat linux 9.0
enlightenment imlib 1.9.13
CVE-2004-1026 HIGH

Multiple integer overflows in the image handler for imlib 1.9.14 and earlier, which is used by gkrellm and several window managers, allow remote attackers to cause a denial of service (application crash) and execute arbitrary code via certain image files.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
redhat linux 7.3
gentoo linux *
enlightenment imlib 1.9.14
redhat linux 9.0
enlightenment imlib 1.9.13
CVE-2010-0991 MEDIUM

Multiple heap-based buffer overflows in imlib2 1.4.3 allow context-dependent attackers to execute arbitrary code via a crafted (1) ARGB, (2) XPM, or (3) BMP file, related to the IMAGE_DIMENSIONS_OK macro in lib/image.h.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
enlightenment imlib2 1.4.3
CVE-2014-1845 MEDIUM

An unspecified setuid root helper in Enlightenment before 0.17.6 allows local users to gain privileges by leveraging failure to properly sanitize the environment.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
enlightenment enlightenment *
CVE-2014-1846 MEDIUM

Enlightenment before 0.17.6 might allow local users to gain privileges via vectors involving the gdb method.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
enlightenment enlightenment *
CVE-2014-9762 MEDIUM

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a GIF image without a colormap.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
enlightenment imlib2 *
debian debian_linux 8.0
debian debian_linux 7.0
CVE-2014-9763 MEDIUM

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted PNM file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
enlightenment imlib2 *
debian debian_linux 8.0
debian debian_linux 7.0
CVE-2014-9764 MEDIUM

imlib2 before 1.4.7 allows remote attackers to cause a denial of service (segmentation fault) via a crafted GIF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
enlightenment imlib2 *
debian debian_linux 8.0
debian debian_linux 7.0
CVE-2014-9771 MEDIUM

Integer overflow in imlib2 before 1.4.7 allows remote attackers to cause a denial of service (memory consumption or application crash) via a crafted image, which triggers an invalid read operation.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
enlightenment imlib2 *
debian debian_linux 8.0
debian debian_linux 7.0
CVE-2015-8971 MEDIUM

Terminology 0.7.0 allows remote attackers to execute arbitrary commands via escape sequences that modify the window title and then are written to the terminal, a similar issue to CVE-2003-0063.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-77,

Products Affected

Vendor Product Version
debian debian_linux 8.0
enlightenment terminology 0.7.0
CVE-2016-3993 MEDIUM

Off-by-one error in the __imlib_MergeUpdate function in lib/updates.c in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (out-of-bounds read and application crash) via crafted coordinates.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
enlightenment imlib2 *
debian debian_linux 8.0
debian debian_linux 7.0
CVE-2016-3994 MEDIUM

The GIF loader in imlib2 before 1.4.9 allows remote attackers to cause a denial of service (application crash) or obtain sensitive information via a crafted image, which triggers an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
enlightenment imlib2 *
debian debian_linux 8.0
debian debian_linux 7.0
CVE-2016-4024 HIGH

Integer overflow in imlib2 before 1.4.9 on 32-bit platforms allows remote attackers to execute arbitrary code via large dimensions in an image, which triggers an out-of-bounds heap memory write operation.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
enlightenment imlib2 *
debian debian_linux 8.0
opensuse opensuse 13.2
debian debian_linux 7.0
CVE-2018-20167 MEDIUM

Terminology before 1.3.1 allows Remote Code Execution because popmedia is mishandled, as demonstrated by an unsafe "cat README.md" command when \e}pn is used. A popmedia control sequence can allow the malicious execution of executable file formats registered in the X desktop share MIME types (/usr/share/applications). The control sequence defers unknown file types to the handle_unknown_media() function, which executes xdg-open against the filename specified in the sequence. The use of xdg-open for all unknown file types allows executable file formats with a registered shared MIME type to be executed. An attacker can achieve remote code execution by introducing an executable file and a plain text file containing the control sequence through a fake software project (e.g., in Git or a tarball). When the control sequence is rendered (such as with cat), the executable file will be run.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-74,

Products Affected

Vendor Product Version
enlightenment terminology *
CVE-2020-12761 MEDIUM

modules/loaders/loader_ico.c in imlib2 1.6.0 has an integer overflow (with resultant invalid memory allocations and out-of-bounds reads) via an icon with many colors in its color map.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.1 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H 3.9 5.2

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-190,

Products Affected

Vendor Product Version
enlightenment imlib2 1.6.0
CVE-2022-37706

enlightenment_sys in Enlightenment before 0.25.4 allows local users to gain privileges because it is setuid root, and the system library function mishandles pathnames that begin with a /dev/.. substring.

Products Affected

Vendor Product Version
enlightenment enlightenment *
CVE-2024-25447

An issue in the imlib_load_image_with_error_return function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.

Products Affected

Vendor Product Version
enlightenment imlib2 1.9.1
CVE-2024-25448

An issue in the imlib_free_image_and_decache function of imlib2 v1.9.1 allows attackers to cause a heap buffer overflow via parsing a crafted image.

Products Affected

Vendor Product Version
enlightenment imlib2 1.9.1
CVE-2024-25450

imlib2 v1.9.1 was discovered to mishandle memory allocation in the function init_imlib_fonts().

Products Affected

Vendor Product Version
enlightenment imlib2 1.9.1