CVE-2008-6079
imlib2 - arbitrary code execution
EPSS 2.0%
Description
imlib2 before 1.4.2 allows context-dependent attackers to have an unspecified impact via a crafted (1) ARGB, (2) BMP, (3) JPEG, (4) LBM, (5) PNM, (6) TGA, or (7) XPM file, related to "several heap and stack based buffer overflows - partly due to integer overflows."
How to fix CVE-2008-6079
To remediate CVE-2008-6079, upgrade the affected package to one of the fixed versions listed below.
- Debian/imlib2—upgrade to 1.4.2-1 or later
- Debian/imlib2—upgrade to 1.4.0-1.2+lenny1 or later
Is CVE-2008-6079 being exploited?
Low — EPSS is 2.0%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/imlib2: from 0, < 1.4.2-1
- Debian/imlib2: from 0, < 1.4.0-1.2+lenny1