Integer Overflow Vulnerability in Imlib2 Affected by Memory Allocation Issues
CVE-2020-12761

9.1CRITICAL

Key Information:

Vendor: Enlightenment
Status: Imlib2
Vendor: CVE Published:; 9 May 2020

Summary

The Imlib2 image loading library version 1.6.0 is susceptible to an integer overflow vulnerability found in the loader for ICO files. This vulnerability occurs when processing an icon containing numerous colors in its color map, leading to invalid memory allocations and out-of-bounds read operations. Attackers can exploit this flaw to potentially manipulate the application's behavior or expose sensitive data.

References

https://git.enlightenment.org/legacy/imlib2.git/commit/?i...

x_refsource_CONFIRM

CVSS V3.1

Score:

9.1

Severity:

CRITICAL

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 9, 2020
Vulnerability Reserved
May 9, 2020