Package: libimlib2
Version: 1.4.8-1
Tags: security

Reading some crafted XPM files causes out-of-bounds reads.

To reproduce, rebuild the package with DEB_BUILD_OPTIONS='sanitize=+address nostrip' and run:

$ debian/tmp/usr/bin/imlib2_conv oob.xpm /dev/null
=================================================================
==981==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf5305c80 at pc 0xf582f533 bp 0xff972508 sp 0xff9724fc
READ of size 1 at 0xf5305c80 thread T0
   #0 0xf582f532 in load src/modules/loaders/loader_xpm.c:418
   #1 0xf70ab49a in imlib_save_image src/lib/api.c:4606
   #2 0x56596e08 in main src/bin/imlib2_conv.c:76
   #3 0xf6ef0275 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18275)
   #4 0x56597185  (.../debian/tmp/usr/bin/imlib2_conv+0x1185)

0xf5305c80 is located 0 bytes to the right of 256-byte region [0xf5305b80,0xf5305c80)
allocated by thread T0 here:
   #0 0xf72081f4 in malloc (/usr/lib/i386-linux-gnu/libasan.so.3+0xbe1f4)
   #1 0xf582d366 in load src/modules/loaders/loader_xpm.c:156
   #2 0xf70ab49a in imlib_save_image src/lib/api.c:4606
   #3 0x56596e08 in main src/bin/imlib2_conv.c:76
   #4 0xf6ef0275 in __libc_start_main (/lib/i386-linux-gnu/libc.so.6+0x18275)

-- System Information:
Architecture: i386

Versions of packages libimlib2 depends on:
ii  libasan3         6.4.0-1
ii  libbz2-1.0       1.0.6-8.1
ii  libc6            2.24-12
ii  libfreetype6     2.8-0.2
ii  libgif7          5.1.4-0.4
ii  libid3tag0       0.15.1b-12
ii  libjpeg62-turbo  1:1.5.1-2
ii  libpng16-16      1.6.30-2
ii  libtiff5         4.0.8-3
ii  libx11-6         2:1.6.4-3
ii  libxext6         2:1.3.3-1+b2
ii  zlib1g           1:1.2.8.dfsg-5

--
Jakub Wilk
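
A small triage helper for the AddressSanitizer report above, added here as an example and not part of the original bug report: it extracts the access type, the faulting and allocating source lines, and how far past the 256-byte heap region the read landed. The function name `summarize` and the output field names are assumptions of this example.

```python
import re

# Excerpt of the AddressSanitizer report above, with mail-wrapped lines joined.
REPORT = """\
==981==ERROR: AddressSanitizer: heap-buffer-overflow on address 0xf5305c80 at pc 0xf582f533 bp 0xff972508 sp 0xff9724fc
READ of size 1 at 0xf5305c80 thread T0
    #0 0xf582f532 in load src/modules/loaders/loader_xpm.c:418
    #1 0xf70ab49a in imlib_save_image src/lib/api.c:4606

0xf5305c80 is located 0 bytes to the right of 256-byte region [0xf5305b80,0xf5305c80)
allocated by thread T0 here:
    #0 0xf72081f4 in malloc (/usr/lib/i386-linux-gnu/libasan.so.3+0xbe1f4)
    #1 0xf582d366 in load src/modules/loaders/loader_xpm.c:156
"""

HEADER = re.compile(r"ERROR: AddressSanitizer: (\S+) on address (0x[0-9a-f]+)")
ACCESS = re.compile(r"^(READ|WRITE) of size (\d+) at")
REGION = re.compile(r"(\d+)-byte region \[(0x[0-9a-f]+),(0x[0-9a-f]+)\)")
# Only frames resolved to file:line; runtime frames such as malloc are skipped.
FRAME = re.compile(r"^\s*#\d+ 0x[0-9a-f]+ in (\S+) (\S+:\d+)$")

def summarize(report):
    """Reduce a heap-error report to the fields needed to triage and de-duplicate it."""
    out, section = {}, None
    for line in report.splitlines():
        if m := HEADER.search(line):
            out["kind"], out["address"] = m.group(1), int(m.group(2), 16)
        elif m := ACCESS.match(line):
            out["access"], out["size"] = m.group(1), int(m.group(2))
            section = "fault_site"          # next stack is the faulting access
        elif line.startswith("allocated by thread"):
            section = "alloc_site"          # next stack is the allocation
        elif m := REGION.search(line):
            start, end = int(m.group(2), 16), int(m.group(3), 16)
            if end - start != int(m.group(1)):
                raise ValueError("region bounds disagree with stated size")
            out["region_size"] = end - start
            # 0 means the access starts at the first byte past the buffer.
            out["offset_past_end"] = out["address"] - end
        elif section and section not in out and (m := FRAME.match(line)):
            out[section] = f"{m.group(1)} {m.group(2)}"
    # Same bug, same key: crash type plus the first source frames of both stacks.
    out["dedup_key"] = (out.get("kind"), out.get("fault_site"), out.get("alloc_site"))
    return out

if __name__ == "__main__":
    for field, value in summarize(REPORT).items():
        print(f"{field}: {value}")
```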
