Secunia

Some vulnerabilities have been reported in GTK+, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.

1) An integer overflow error exists in "/gtk+/gdk-pixbuf/io-xpm.c" due to the insufficient validation of the "n_col" value before using it to allocate memory. This can cause a heap-based buffer overflow and may be exploited to execute arbitrary code when a specially crafted XPM file is opened in an application that is linked with the library.

This may be related to vulnerability #2 in:
SA12542

2) An error in "/gtk+/gdk-pixbuf/io-xpm.c" can cause an infinite loop when processing a XPM file with a large number of colours. This can be exploited to cause an application linked with the library to stop responding when a malicious XPM file is opened.

3) An integer overflow error exists in "/gtk+/gdk-pixbuf/io-xpm.c" when performing calculations using the height, width and colours of a XPM file. This may be exploited to execute arbitrary code or to crash an application that is linked with the library when a malicious XPM file is opened.

Solution
The vulnerabilities have been fixed in GTK+ version 2.8.7.
Further details available in Customer Area

Provided and/or discovered by
1) infamous41md.
2-3) Ludwig Nussel.

Changelog
Further details available in Customer Area

Original Advisory
iDEFENSE:
http://www.idefense.com/application/poi/display?id=339&type=vulnerabilities

Red Hat Bugzilla:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171073
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171904
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171900

Other references
Further details available in Customer Area

Deep Links
Links available in Customer Area