CVE-2006-4807

Description

loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.

How to fix CVE-2006-4807

To remediate CVE-2006-4807, upgrade the affected package to a fixed version below.

• Debian/imlib2—upgrade to 1.3.0.0debian1-3 or later

Is CVE-2006-4807 being exploited?

Low — EPSS is 3.3%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.3.0.0debian1-3

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2006-4807