CVE-2006-4809 | Vulnerability Database | Aqua Security

Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.

Affected Software

Name	Vendor	Start Version	End Version
Imlib2	Enlightenment	1.0 (including)	1.0 (including)
Imlib2	Enlightenment	1.0.1 (including)	1.0.1 (including)
Imlib2	Enlightenment	1.0.2 (including)	1.0.2 (including)
Imlib2	Enlightenment	1.0.3 (including)	1.0.3 (including)
Imlib2	Enlightenment	1.0.4 (including)	1.0.4 (including)
Imlib2	Enlightenment	1.0.5 (including)	1.0.5 (including)
Imlib2	Enlightenment	1.1 (including)	1.1 (including)
Imlib2	Enlightenment	1.1.1 (including)	1.1.1 (including)
Imlib2	Enlightenment	1.1.2 (including)	1.1.2 (including)
Imlib2	Ubuntu	dapper	*
Imlib2	Ubuntu	edgy	*
Imlib2	Ubuntu	upstream	*

References

http://secunia.com/advisories/22732
http://secunia.com/advisories/22744
http://secunia.com/advisories/22752
http://secunia.com/advisories/22932
http://secunia.com/advisories/23441
http://security.gentoo.org/glsa/glsa-200612-20.xml
http://www.discontinuity.info/~rowan/pocs/libimlib2_pocs-1.2.0-2.2.tar.gz
http://www.mandriva.com/security/advisories?name=MDKSA-2006:198
http://www.mandriva.com/security/advisories?name=MDKSA-2007:156
http://www.novell.com/linux/security/advisories/2006_26_sr.html
http://www.osvdb.org/30104
http://www.securityfocus.com/bid/20903
http://www.ubuntu.com/usn/usn-376-1
http://www.ubuntu.com/usn/usn-376-2
http://www.vupen.com/english/advisories/2006/4349
https://exchange.xforce.ibmcloud.com/vulnerabilities/30070

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-4809
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html