Open-source developers have warned of serious security holes in two Linux components that could allow attackers to take over a system by tricking a user into viewing a specially-crafted image file or opening an archive. Patches exist for the bugs, which affect LHA and imlib.
Imlib, a library for graphics-viewing applications used in the Gnome graphical user environment, contains a bug that could allow the execution of malicious code when a user views a specially crafted bitmap image file, according to Marcus Meissner of Novell's Suse Linux. The vulnerability is due to a boundary error in the decoding of runlength-encoded bitmap images, which can be exploited to cause a buffer overflow, according to an advisory from Danish security firm Secunia, which maintains a vulnerabilities database.
The link for this article located at Matthew Broersma, Techworld is no longer available.
