The GNOME graphical user interface project this week released a patch for imlib, a basic library used in many image-viewing applications. The bug was first identified late last month by Novell SuSE Linux's Marcus Meissner, but was not thought to be serious. Later, developers realized the problem could be exploited to cause a buffer overflow and execute malicious code if a user viewed a graphic in any imlib-based application, for example a Web browser.
Imlib 1.x and imlib2 1.x are affected, researchers said. MandrakeSoft, Gentoo and other Linux vendors are releasing patches for the flaw.
The bug is related to a graphics-processing vulnerability publicized last month in Qt, a software toolkit used to write GUI applications for the X Window System on Unix and Linux, according to an advisory from Danish security firm Secunia. Security researcher Chris Evans discovered a bug in Qt's BMP decoder that could allow an attacker to use a specially crafted bitmap file to crash any application using the Qt BMP decoder, and potentially to execute malicious code.
The link for this article located at Matthew Broersma is no longer available.