CVE-2007-3568 - The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a deni

CVE-2007-3568

Summary

The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0.

References

Vulnerable Configurations

cpe:2.3:a:imlib:imlib:*:*:*:*:*:*:*:*
cpe:2.3:a:imlib:imlib:*:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 29-07-2017 - 01:32)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

bid	24750
misc	http://www.securiteam.com/unixfocus/5WP030UM0W.html
osvdb	39016
sectrack	1018332
xf	dotclear-redacteur-xss(35325)

statements via4

contributor Vincent Danen
lastmodified 2007-09-17
organization Mandriva
statement Mandriva does not consider bugs which result in a user-assisted crash of end user applications to be a security issue.
contributor Joshua Bressers
lastmodified 2007-07-06
organization Red Hat
statement Red Hat does not consider bugs which result in a user-assisted crash of end user application to be a security issue.

Last major update

29-07-2017 - 01:32

Published

05-07-2007 - 19:30

Last modified

29-07-2017 - 01:32