CVE-2024-25447

8.8 HIGH

📋 TL;DR

A heap buffer overflow vulnerability in imlib2's image parsing function allows attackers to execute arbitrary code or crash applications by processing malicious images. This affects any software using imlib2 v1.9.1 for image loading, including image viewers and applications with image processing capabilities.

💻 Affected Systems

Products:
  • imlib2
  • feh (image viewer)
  • other applications using imlib2 library
Versions: imlib2 v1.9.1
Operating Systems: Linux, BSD, Unix-like systems
Default Config Vulnerable: ⚠️ Yes
Notes: Any application linking against vulnerable imlib2 library is affected when processing images.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠

Likely Case

Application crashes (denial of service) with potential for limited code execution in memory-corrupted contexts.

🟢

If Mitigated

Contained crashes with no privilege escalation if proper sandboxing and memory protections are enabled.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious images, but web applications processing uploaded images could be vulnerable.
🏢 Internal Only: MEDIUM - Internal users could exploit via shared images or documents, but requires local access or social engineering.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires crafting a malicious image file that triggers the buffer overflow during parsing.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: imlib2 v1.9.2 or later

Vendor Advisory: https://git.enlightenment.org/old/legacy-imlib2/issues/20

Restart Required: Yes

Instructions:

1. Update the imlib2 package using the system package manager (apt, yum, etc.).
2. Restart affected applications.
3. Recompile any custom applications using imlib2 with the updated library.

🔧 Temporary Workarounds

Disable imlib2 image processing

linux

Configure applications to use alternative image libraries or disable image loading features.

Check application documentation for configuration options

Restrict image file uploads/processing

all

Implement strict file type validation and sandbox image processing operations.

🧯 If You Can't Patch

  • Implement application sandboxing with minimal privileges
  • Deploy memory protection mechanisms (ASLR, DEP) and monitor for crashes

🔍 How to Verify

Check if Vulnerable:

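Check the imlib2 version with `pkg-config --modversion imlib2`. To confirm the shared library is installed, use `ldconfig -p | grep -i imlib2`; the library file is named libImlib2, so the match must be case-insensitive, and this output shows only the soname, not the release version.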

Check Version:

pkg-config --modversion imlib2 2>/dev/null || echo 'imlib2 not found'

Verify Fix Applied:

Confirm version is 1.9.2 or higher and test with known safe images.
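The version check and the restart step above can be combined into one host check. This script is an added example, not part of the advisory or of imlib2: it classifies the installed version against the 1.9.1/1.9.2 thresholds given on this page and lists processes that still map a replaced libImlib2 file. The function names are illustrative and `sort -V` is assumed to be available.

```shell
#!/bin/sh
# Added example (not from the advisory). Version thresholds come from this page.
AFFECTED="1.9.1"; FIXED="1.9.2"

# version_ge A B: succeeds when version A >= version B (needs sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# classify VERSION: prints patched, affected, not-listed or unknown.
classify() {
    case "$1" in
        ''|*[!0-9.]*) echo unknown; return 0 ;;
    esac
    if [ "$1" = "$AFFECTED" ]; then echo affected
    elif version_ge "$1" "$FIXED"; then echo patched
    else echo not-listed   # older than 1.9.1: this page makes no statement
    fi
}

# stale_pids [PROC_ROOT]: PIDs whose memory map still references a libImlib2
# file that was replaced on disk (the kernel marks it "(deleted)"), i.e.
# processes that keep running the old code until restarted.
stale_pids() {
    root="${1:-/proc}"
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -q 'libImlib2\.so.*(deleted)' "$maps" 2>/dev/null; then
            pid="${maps%/maps}"
            echo "${pid##*/}"
        fi
    done
}

main() {
    ver="$(pkg-config --modversion imlib2 2>/dev/null || true)"
    echo "imlib2 ${ver:-<not found>}: $(classify "$ver")"
    stale="$(stale_pids | tr '\n' ' ')"
    if [ -n "$stale" ]; then
        echo "restart needed, old libImlib2 still mapped by PID(s): $stale"
    else
        echo "no readable process maps a replaced libImlib2"
    fi
}
main
```

Run it as root to see the maps of every process. The comparison uses upstream version numbers, so a distribution package that backports the fix under an older version string needs to be checked against the distribution's own advisory.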

📡 Detection & Monitoring

Log Indicators:

  • Application crashes with segmentation faults
  • Memory corruption errors in system logs

Network Indicators:

  • Unusual image file transfers to vulnerable systems

SIEM Query:

source="application_logs" AND ("segmentation fault" OR "heap overflow") AND process="*imlib*"
