CVE-2008-5187
imlib2 - arbitrary code execution
EPSS 2.0%
Description
The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-based buffer overflow, a different vulnerability than CVE-2008-2426.
How to fix CVE-2008-5187
To remediate CVE-2008-5187, upgrade the affected package to one of the fixed versions listed below.
- Debian/imlib2—upgrade to 1.4.0-1.2 or later
- Debian/imlib2—upgrade to 1.3.0.0debian1-4+etch2 or later
Is CVE-2008-5187 being exploited?
Low — EPSS is 2.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.4.0-1.2
- from 0, < 1.3.0.0debian1-4+etch2