CVE-2006-4806

Description

Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images.

How to fix CVE-2006-4806

To remediate CVE-2006-4806, upgrade the affected package to a fixed version below.

• Debian/imlib2—upgrade to 1.3.0.0debian1-3 or later

Is CVE-2006-4806 being exploited?

Moderate — EPSS is 10.2%. Track this CVE but it's not at the top of the prioritisation list.

Affected packages (1)

• from 0, < 1.3.0.0debian1-3

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-4806