CVE-2006-4808 | Vulnerability Database | Aqua Security

Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image.

Affected Software

Name	Vendor	Start Version	End Version
Imlib2	Enlightenment	1.0 (including)	1.0 (including)
Imlib2	Enlightenment	1.0.1 (including)	1.0.1 (including)
Imlib2	Enlightenment	1.0.2 (including)	1.0.2 (including)
Imlib2	Enlightenment	1.0.3 (including)	1.0.3 (including)
Imlib2	Enlightenment	1.0.4 (including)	1.0.4 (including)
Imlib2	Enlightenment	1.0.5 (including)	1.0.5 (including)
Imlib2	Enlightenment	1.1 (including)	1.1 (including)
Imlib2	Enlightenment	1.1.1 (including)	1.1.1 (including)
Imlib2	Enlightenment	1.1.2 (including)	1.1.2 (including)
Imlib2	Ubuntu	dapper	*
Imlib2	Ubuntu	edgy	*
Imlib2	Ubuntu	upstream	*

References

http://secunia.com/advisories/22732
http://secunia.com/advisories/22744
http://secunia.com/advisories/22752
http://secunia.com/advisories/22932
http://secunia.com/advisories/23441
http://security.gentoo.org/glsa/glsa-200612-20.xml
http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz
http://www.mandriva.com/security/advisories?name=MDKSA-2006:198
http://www.mandriva.com/security/advisories?name=MDKSA-2007:156
http://www.novell.com/linux/security/advisories/2006_26_sr.html
http://www.osvdb.org/30103
http://www.securityfocus.com/bid/20903
http://www.ubuntu.com/usn/usn-376-1
http://www.ubuntu.com/usn/usn-376-2
http://www.vupen.com/english/advisories/2006/4349
https://exchange.xforce.ibmcloud.com/vulnerabilities/30068
http://secunia.com/advisories/22732
http://secunia.com/advisories/22744
http://secunia.com/advisories/22752
http://secunia.com/advisories/22932
http://secunia.com/advisories/23441
http://security.gentoo.org/glsa/glsa-200612-20.xml
http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz
http://www.mandriva.com/security/advisories?name=MDKSA-2006:198
http://www.mandriva.com/security/advisories?name=MDKSA-2007:156
http://www.novell.com/linux/security/advisories/2006_26_sr.html
http://www.osvdb.org/30103
http://www.securityfocus.com/bid/20903
http://www.ubuntu.com/usn/usn-376-1
http://www.ubuntu.com/usn/usn-376-2
http://www.vupen.com/english/advisories/2006/4349
https://exchange.xforce.ibmcloud.com/vulnerabilities/30068

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4808
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html