COMMAND

	heap corruption in imlib

SYSTEMS AFFECTED

	all versions prior imlib 1.9.13

PROBLEM

	Accordingly with Connectiva Linux Security announcement CLA-2002:470 :
	

	Imlib is a library that allows X11 programs to  use  images  of  various
	file formats.
	 

	Alan Cox discovered some situations where a heap  corruption  may  occur
	when processing some malformed image.
	

	Al Viro found that imlib was falling back to  the  NetPBM  library  when
	processing some kind of images, but NetPBM is not  suitable  to  process
	untrusted image input.
	 

	An attacker could use a crafted image to exploit  a  program  linked  to
	imlib (like a mailer program or an image viewer)  and  cause  a  DoS  or
	even remote code execution.

SOLUTION

	Upgrade.