Arch Linux Security Advisory ASA-201605-1
=========================================
Severity: High
Date    : 2016-05-01
CVE-ID  : CVE-2011-5326 CVE-2016-3993 CVE-2016-3994 CVE-2016-4024
Package : imlib2
Type    : multiple issues
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======
The package imlib2 before version 1.4.9-1 is vulnerable to multiple
issues that can lead to information leakage, application crash or
arbitrary code execution.

Resolution
==========
Upgrade to 1.4.9-1.

# pacman -Syu "imlib2>=1.4.9-1"

The problems have been fixed upstream in version 1.4.9.

Workaround
==========
None.

Description
===========
- CVE-2011-5326 (denial of service)

Kevin Ryde discovered that attempting to draw a 2x1 radii ellipse results
in a floating point exception.

- CVE-2016-3993 (information leakage)

Yuriy M. Kaminskiy discovered that drawing using coordinates from an
untrusted source could lead to an out-of-bounds memory read, which in
turn could result in an application crash.

- CVE-2016-3994 (information leakage)

Jakub Wilk discovered that a malformed image could lead to an
out-of-bounds read in the GIF loader, which may result in an application
crash or information leak.

- CVE-2016-4024 (arbitrary code execution)

Yuriy M. Kaminskiy discovered an integer overflow that could lead to an
insufficient heap allocation and an out-of-bounds memory write.
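
The failure mode described for CVE-2016-4024 (an integer overflow producing an undersized heap buffer), shown beside an overflow-checked size computation. This is an added example, not imlib2's code or its upstream fix; the function names, the 4-byte pixel size and the 2^29-pixel cap are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define BYTES_PER_PIXEL 4u              /* assumption: 32-bit ARGB pixels */
#define MAX_PIXELS ((uint64_t)1 << 29)  /* assumption: illustrative policy cap */

/* Unchecked pattern: the size is computed in 32-bit arithmetic and wraps. */
static uint32_t unchecked_image_bytes(uint32_t w, uint32_t h)
{
    return w * h * BYTES_PER_PIXEL;
}

/* Checked pattern: validate the dimensions first and multiply in 64 bits.
 * The cap keeps the byte count below 2^32, so it also fits a 32-bit size_t.
 * Returns 0 and stores the byte count on success, -1 on rejection. */
static int checked_image_bytes(int w, int h, size_t *out)
{
    if (w <= 0 || h <= 0)
        return -1;
    uint64_t pixels = (uint64_t)w * (uint64_t)h;
    if (pixels > MAX_PIXELS)
        return -1;
    *out = (size_t)(pixels * BYTES_PER_PIXEL);
    return 0;
}

/* Allocate a zeroed pixel buffer, or return NULL for unsafe dimensions. */
static uint32_t *alloc_pixels(int w, int h)
{
    size_t bytes;
    if (checked_image_bytes(w, h, &bytes) != 0)
        return NULL;
    return calloc(1, bytes);
}

int main(void)
{
    /* Constructed dimensions, as if read from an untrusted image header. */
    uint32_t w = 65536, h = 16385;
    printf("unchecked size: %u bytes for %llu pixels\n",
           (unsigned)unchecked_image_bytes(w, h), (unsigned long long)w * h);
    uint32_t *px = alloc_pixels((int)w, (int)h);
    printf("checked alloc: %s\n", px ? "ok" : "rejected");
    free(px);
    return 0;
}
```

With the constructed dimensions the unchecked computation yields a 256 KiB buffer for more than a billion pixels, which is the mismatch that turns later per-pixel writes into out-of-bounds writes.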

Impact
======
An attacker can leverage vulnerable library calls in imlib2 to crash an
application, or to read from or write to the application's memory. This
can lead to an information leak or modification of the application's
control flow.

References
==========
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-5326
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3994
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4021

ArchLinux: 201605-1: imlib2: multiple issues

May 4, 2016
