USN-3075-1
- Source
- https://ubuntu.com/security/notices/USN-3075-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3075-1.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/USN-3075-1
- Upstream
- Related
- Published
- 2016-09-09T03:48:22.294643Z
- Modified
- 2025-10-13T04:34:18Z
- Summary
- imlib2 vulnerabilities
- Details
-
Jakub Wilk discovered an out of bounds read in the GIF loader implementation in Imlib2. An attacker could use this to cause a denial of service (application crash) or possibly obtain sensitive information. (CVE-2016-3994)
Yuriy M. Kaminskiy discovered an off-by-one error when handling coordinates in Imlib2. An attacker could use this to cause a denial of service (application crash). (CVE-2016-3993)
Yuriy M. Kaminskiy discovered that integer overflows existed in Imlib2 when handling images with large dimensions. An attacker could use this to cause a denial of service (memory exhaustion or application crash). (CVE-2014-9771, CVE-2016-4024)
Kevin Ryde discovered that the ellipse drawing code in Imlib2 would attempt to divide by zero when drawing a 2x1 ellipse. An attacker could use this to cause a denial of service (application crash). (CVE-2011-5326)
It was discovered that Imlib2 did not properly handled GIF images without colormaps. An attacker could use this to cause a denial of service (application crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9762)
It was discovered that Imlib2 did not properly handle some PNM images, leading to a division by zero. An attacker could use this to cause a denial of service (application crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9763)
It was discovered that Imlib2 did not properly handle error conditions when loading some GIF images. An attacker could use this to cause a denial of service (application crash). This issue only affected Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. (CVE-2014-9764)
- References
-
- https://ubuntu.com/security/notices/USN-3075-1
- https://ubuntu.com/security/CVE-2011-5326
- https://ubuntu.com/security/CVE-2014-9762
- https://ubuntu.com/security/CVE-2014-9763
- https://ubuntu.com/security/CVE-2014-9764
- https://ubuntu.com/security/CVE-2014-9771
- https://ubuntu.com/security/CVE-2016-3993
- https://ubuntu.com/security/CVE-2016-3994
- https://ubuntu.com/security/CVE-2016-4024
Affected packages
Ubuntu:14.04:LTS / imlib2
Package
- Name
- imlib2
- Purl
- pkg:deb/ubuntu/imlib2@1.4.6-2ubuntu0.1?arch=source&distro=trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.4.6-2ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1.4.6-2ubuntu0.1",
"binary_name": "libimlib2"
},
{
"binary_version": "1.4.6-2ubuntu0.1",
"binary_name": "libimlib2-dev"
}
]
}
Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2011-5326"
},
{
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2014-9762"
},
{
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2014-9763"
},
{
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
],
"id": "CVE-2014-9764"
},
{
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2014-9771"
},
{
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2016-3993"
},
{
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2016-3994"
},
{
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2016-4024"
}
],
"ecosystem": "Ubuntu:14.04:LTS"
}
Ubuntu:16.04:LTS / imlib2
Package
- Name
- imlib2
- Purl
- pkg:deb/ubuntu/imlib2@1.4.7-1ubuntu0.1?arch=source&distro=xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.4.7-1ubuntu0.1
Ecosystem specific
{
"availability": "No subscription required",
"binaries": [
{
"binary_version": "1.4.7-1ubuntu0.1",
"binary_name": "libimlib2"
},
{
"binary_version": "1.4.7-1ubuntu0.1",
"binary_name": "libimlib2-dev"
}
]
}
Database specific
cves_map
{
"cves": [
{
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2011-5326"
},
{
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2016-3993"
},
{
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2016-3994"
},
{
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"id": "CVE-2016-4024"
}
],
"ecosystem": "Ubuntu:16.04:LTS"
}