|
GTK+ GdkPixbuf XPM Image Rendering Library Multiple Vulnerabilities
|
|
Secunia Advisory:
|
SA17522
|
|
|
Release Date:
|
2005-11-15
|
|
Last Update:
|
2005-11-16
|
|
Popularity:
|
9,502 views
|
|
|
Critical:
|
 Moderately critical
|
|
Impact:
|
DoS System access
|
|
Where:
|
From remote
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | GdkPixbuf 0.x GTK+ 2.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities
|
| | CVE reference: | CVE-2005-2975 CVE-2005-2976 CVE-2005-3186
|
|
Description: Some vulnerabilities have been reported in GTK+, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a user's system.
1) An integer overflow error exists in "/gtk+/gdk-pixbuf/io-xpm.c" due to the insufficient validation of the "n_col" value before using it to allocate memory. This can cause a heap-based buffer overflow and may be exploited to execute arbitrary code when a specially crafted XPM file is opened in an application that is linked with the library.
This may be related to vulnerability #2 in:
SA12542
2) An error in "/gtk+/gdk-pixbuf/io-xpm.c" can cause an infinite loop when processing a XPM file with a large number of colours. This can be exploited to cause an application linked with the library to stop responding when a malicious XPM file is opened.
3) An integer overflow error exists in "/gtk+/gdk-pixbuf/io-xpm.c" when performing calculations using the height, width and colours of a XPM file. This may be exploited to execute arbitrary code or to crash an application that is linked with the library when a malicious XPM file is opened.
Solution: The vulnerabilities have been fixed in GTK+ version 2.8.7.
ftp://ftp.gtk.org/pub/gtk/v2.8/
Provided and/or discovered by: 1) infamous41md.
2-3) Ludwig Nussel.
Changelog: 2005-11-16: Added information from iDEFENSE. Updated "Solution Status", "Description", "Solution", "Original Advisory" and credit sections.
Original Advisory: iDEFENSE:
http://www.idefense.com/application/poi/display?id=339&type=vulnerabilities
Red Hat Bugzilla:
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171073
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171904
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171900
Other References: SA12542:
http://secunia.com/advisories/12542/
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
|
|
7th Oct, 2008
|
New advisories:
|
19 |
|
New vulnerabilities:
|
68 |
|
Updated advisories:
|
62 |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Solutions | More...
|
|